diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 60cb765bac..0ce5b6f148 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -68,10 +68,12 @@ jobs: run: msbuild bitwarden-server.sln /p:Configuration=Debug /verbosity:minimal shell: pwsh - - name: Test solution - run: | - dotnet test ./test --configuration Debug --no-build - dotnet test ./bitwarden_license/test/CmmCore.Test --configuration Debug --no-build + - name: Test OSS solution + run: dotnet test ./test --configuration Debug --no-build + shell: pwsh + + - name: Test Bitwarden solution + run: dotnet test ./bitwarden_license/test/CmmCore.Test --configuration Debug --no-build shell: pwsh diff --git a/src/Api/Controllers/CiphersController.cs b/src/Api/Controllers/CiphersController.cs index 6265121ce5..f4a4352901 100644 --- a/src/Api/Controllers/CiphersController.cs +++ b/src/Api/Controllers/CiphersController.cs @@ -76,7 +76,7 @@ namespace Bit.Api.Controllers { var cipher = await _cipherRepository.GetOrganizationDetailsByIdAsync(new Guid(id)); if (cipher == null || !cipher.OrganizationId.HasValue || - !await _currentContext.ManageAllCollections(cipher.OrganizationId.Value)) + !await _currentContext.ViewAllCollections(cipher.OrganizationId.Value)) { throw new NotFoundException(); } @@ -153,7 +153,7 @@ namespace Bit.Api.Controllers public async Task PostAdmin([FromBody]CipherCreateRequestModel model) { var cipher = model.Cipher.ToOrganizationCipher(); - if (!await _currentContext.ManageAllCollections(cipher.OrganizationId.Value)) + if (!await _currentContext.EditAnyCollection(cipher.OrganizationId.Value)) { throw new NotFoundException(); } @@ -197,7 +197,7 @@ namespace Bit.Api.Controllers var userId = _userService.GetProperUserId(User).Value; var cipher = await _cipherRepository.GetOrganizationDetailsByIdAsync(new Guid(id)); if (cipher == null || !cipher.OrganizationId.HasValue || - !await _currentContext.ManageAllCollections(cipher.OrganizationId.Value)) + !await _currentContext.EditAnyCollection(cipher.OrganizationId.Value)) { throw new NotFoundException(); } @@ -216,7 +216,7 @@ namespace Bit.Api.Controllers { var userId = _userService.GetProperUserId(User).Value; var orgIdGuid = new Guid(organizationId); - if (!await _currentContext.ManageAllCollections(orgIdGuid) && !await _currentContext.AccessReports(orgIdGuid)) + if (!await _currentContext.ViewAllCollections(orgIdGuid) && !await _currentContext.AccessReports(orgIdGuid)) { throw new NotFoundException(); } @@ -330,7 +330,7 @@ namespace Bit.Api.Controllers var userId = _userService.GetProperUserId(User).Value; var cipher = await _cipherRepository.GetByIdAsync(new Guid(id)); if (cipher == null || !cipher.OrganizationId.HasValue || - !await _currentContext.ManageAllCollections(cipher.OrganizationId.Value)) + !await _currentContext.EditAnyCollection(cipher.OrganizationId.Value)) { throw new NotFoundException(); } @@ -360,7 +360,7 @@ namespace Bit.Api.Controllers var userId = _userService.GetProperUserId(User).Value; var cipher = await _cipherRepository.GetByIdAsync(new Guid(id)); if (cipher == null || !cipher.OrganizationId.HasValue || - !await _currentContext.ManageAllCollections(cipher.OrganizationId.Value)) + !await _currentContext.EditAnyCollection(cipher.OrganizationId.Value)) { throw new NotFoundException(); } @@ -393,7 +393,7 @@ namespace Bit.Api.Controllers } if (model == null || string.IsNullOrWhiteSpace(model.OrganizationId) || - !await _currentContext.ManageAllCollections(new Guid(model.OrganizationId))) + !await _currentContext.EditAnyCollection(new Guid(model.OrganizationId))) { throw new NotFoundException(); } @@ -420,7 +420,7 @@ namespace Bit.Api.Controllers var userId = _userService.GetProperUserId(User).Value; var cipher = await _cipherRepository.GetByIdAsync(new Guid(id)); if (cipher == null || !cipher.OrganizationId.HasValue || - !await _currentContext.ManageAllCollections(cipher.OrganizationId.Value)) + !await _currentContext.EditAnyCollection(cipher.OrganizationId.Value)) { throw new NotFoundException(); } @@ -449,7 +449,7 @@ namespace Bit.Api.Controllers } if (model == null || string.IsNullOrWhiteSpace(model.OrganizationId) || - !await _currentContext.ManageAllCollections(new Guid(model.OrganizationId))) + !await _currentContext.EditAnyCollection(new Guid(model.OrganizationId))) { throw new NotFoundException(); } @@ -478,7 +478,7 @@ namespace Bit.Api.Controllers var userId = _userService.GetProperUserId(User).Value; var cipher = await _cipherRepository.GetOrganizationDetailsByIdAsync(new Guid(id)); if (cipher == null || !cipher.OrganizationId.HasValue || - !await _currentContext.ManageAllCollections(cipher.OrganizationId.Value)) + !await _currentContext.EditAnyCollection(cipher.OrganizationId.Value)) { throw new NotFoundException(); } @@ -572,7 +572,7 @@ namespace Bit.Api.Controllers else { var orgId = new Guid(organizationId); - if (!await _currentContext.ManageAllCollections(orgId)) + if (!await _currentContext.EditAnyCollection(orgId)) { throw new NotFoundException(); } @@ -590,7 +590,7 @@ namespace Bit.Api.Controllers await _cipherRepository.GetByIdAsync(idGuid, userId); if (cipher == null || (request.AdminRequest && (!cipher.OrganizationId.HasValue || - !await _currentContext.ManageAllCollections(cipher.OrganizationId.Value)))) + !await _currentContext.EditAnyCollection(cipher.OrganizationId.Value)))) { throw new NotFoundException(); } @@ -694,7 +694,7 @@ namespace Bit.Api.Controllers var userId = _userService.GetProperUserId(User).Value; var cipher = await _cipherRepository.GetOrganizationDetailsByIdAsync(idGuid); if (cipher == null || !cipher.OrganizationId.HasValue || - !await _currentContext.ManageAllCollections(cipher.OrganizationId.Value)) + !await _currentContext.EditAnyCollection(cipher.OrganizationId.Value)) { throw new NotFoundException(); } @@ -760,7 +760,7 @@ namespace Bit.Api.Controllers var userId = _userService.GetProperUserId(User).Value; var cipher = await _cipherRepository.GetByIdAsync(idGuid); if (cipher == null || !cipher.OrganizationId.HasValue || - !await _currentContext.ManageAllCollections(cipher.OrganizationId.Value)) + !await _currentContext.EditAnyCollection(cipher.OrganizationId.Value)) { throw new NotFoundException(); } diff --git a/src/Api/Controllers/CollectionsController.cs b/src/Api/Controllers/CollectionsController.cs index 9fa93e956f..3eff8e3bbd 100644 --- a/src/Api/Controllers/CollectionsController.cs +++ b/src/Api/Controllers/CollectionsController.cs @@ -37,6 +37,11 @@ namespace Bit.Api.Controllers [HttpGet("{id}")] public async Task Get(string orgId, string id) { + if (!await CanViewCollectionAsync(orgId, id)) + { + throw new NotFoundException(); + } + var collection = await GetCollectionAsync(new Guid(id), new Guid(orgId)); return new CollectionResponseModel(collection); } @@ -45,13 +50,13 @@ namespace Bit.Api.Controllers public async Task GetDetails(string orgId, string id) { var orgIdGuid = new Guid(orgId); - if (!await ManageAnyCollections(orgIdGuid) && !await _currentContext.ManageUsers(orgIdGuid)) + if (!await ViewAtLeastOneCollectionAsync(orgIdGuid) && !await _currentContext.ManageUsers(orgIdGuid)) { throw new NotFoundException(); } var idGuid = new Guid(id); - if (await _currentContext.ManageAllCollections(orgIdGuid)) + if (await _currentContext.ViewAllCollections(orgIdGuid)) { var collectionDetails = await _collectionRepository.GetByIdWithGroupsAsync(idGuid); if (collectionDetails?.Item1 == null || collectionDetails.Item1.OrganizationId != orgIdGuid) @@ -76,7 +81,7 @@ namespace Bit.Api.Controllers public async Task> Get(string orgId) { var orgIdGuid = new Guid(orgId); - if (!await _currentContext.ManageAllCollections(orgIdGuid) && !await _currentContext.ManageUsers(orgIdGuid)) + if (!await _currentContext.ViewAllCollections(orgIdGuid) && !await _currentContext.ManageUsers(orgIdGuid)) { throw new NotFoundException(); } @@ -108,14 +113,16 @@ namespace Bit.Api.Controllers public async Task Post(string orgId, [FromBody]CollectionRequestModel model) { var orgIdGuid = new Guid(orgId); - if (!await ManageAnyCollections(orgIdGuid)) + var collection = model.ToCollection(orgIdGuid); + + if (!await CanCreateCollection(orgIdGuid, collection.Id) && + !await CanEditCollectionAsync(orgIdGuid, collection.Id)) { throw new NotFoundException(); } - var collection = model.ToCollection(orgIdGuid); await _collectionService.SaveAsync(collection, model.Groups?.Select(g => g.ToSelectionReadOnly()), - !await _currentContext.ManageAllCollections(orgIdGuid) ? _currentContext.UserId : null); + !await _currentContext.ViewAllCollections(orgIdGuid) ? _currentContext.UserId : null); return new CollectionResponseModel(collection); } @@ -123,6 +130,11 @@ namespace Bit.Api.Controllers [HttpPost("{id}")] public async Task Put(string orgId, string id, [FromBody]CollectionRequestModel model) { + if (!await CanEditCollectionAsync(orgId, id)) + { + throw new NotFoundException(); + } + var collection = await GetCollectionAsync(new Guid(id), new Guid(orgId)); await _collectionService.SaveAsync(model.ToCollection(collection), model.Groups?.Select(g => g.ToSelectionReadOnly())); @@ -140,6 +152,11 @@ namespace Bit.Api.Controllers [HttpPost("{id}/delete")] public async Task Delete(string orgId, string id) { + if (!await CanDeleteCollectionAsync(orgId, id)) + { + throw new NotFoundException(); + } + var collection = await GetCollectionAsync(new Guid(id), new Guid(orgId)); await _collectionService.DeleteAsync(collection); } @@ -154,14 +171,17 @@ namespace Bit.Api.Controllers private async Task GetCollectionAsync(Guid id, Guid orgId) { - if (!await ManageAnyCollections(orgId)) + Collection collection = default; + if (await _currentContext.ViewAllCollections(orgId)) { - throw new NotFoundException(); + collection = await _collectionRepository.GetByIdAsync(id); + } + + if (await _currentContext.ViewAssignedCollections(orgId)) + { + collection = await _collectionRepository.GetByIdAsync(id, _currentContext.UserId.Value); } - var collection = await _currentContext.OrganizationAdmin(orgId) ? - await _collectionRepository.GetByIdAsync(id) : - await _collectionRepository.GetByIdAsync(id, _currentContext.UserId.Value); if (collection == null || collection.OrganizationId != orgId) { throw new NotFoundException(); @@ -170,9 +190,86 @@ namespace Bit.Api.Controllers return collection; } - private async Task ManageAnyCollections(Guid orgId) + + public async Task CanCreateCollection(Guid orgId, Guid collectionId) { - return await _currentContext.ManageAssignedCollections(orgId) || await _currentContext.ManageAllCollections(orgId); + if (collectionId != default) + { + return false; + } + + return await _currentContext.CreateNewCollections(orgId); + } + + private async Task CanEditCollectionAsync(string orgId, string collectionId) => + await CanEditCollectionAsync(new Guid(orgId), new Guid(collectionId)); + private async Task CanEditCollectionAsync(Guid orgId, Guid collectionId) + { + if (collectionId == default) + { + return false; + } + + if (await _currentContext.EditAnyCollection(orgId)) + { + return true; + } + + if (await _currentContext.EditAssignedCollections(orgId)) + { + return null != _collectionRepository.GetByIdAsync(collectionId, _currentContext.UserId.Value); + } + + return false; + } + + private async Task CanDeleteCollectionAsync(string orgId, string collectionId) => + await CanDeleteCollectionAsync(new Guid(orgId), new Guid(collectionId)); + private async Task CanDeleteCollectionAsync(Guid orgId, Guid collectionId) + { + if (collectionId == default) + { + return false; + } + + if (await _currentContext.DeleteAnyCollection(orgId)) + { + return true; + } + + if (await _currentContext.DeleteAssignedCollections(orgId)) + { + return null != _collectionRepository.GetByIdAsync(collectionId, _currentContext.UserId.Value); + } + + return false; + } + + private async Task CanViewCollectionAsync(string orgId, string collectionId) => + await CanViewCollectionAsync(new Guid(orgId), new Guid(collectionId)); + private async Task CanViewCollectionAsync(Guid orgId, Guid collectionId) + { + if (collectionId == default) + { + return false; + } + + if (await _currentContext.ViewAllCollections(orgId)) + { + return true; + } + + if (await _currentContext.ViewAssignedCollections(orgId)) + { + return null != _collectionRepository.GetByIdAsync(collectionId, _currentContext.UserId.Value); + } + + return false; + } + + private async Task ViewAtLeastOneCollectionAsync(Guid orgId) + { + return await _currentContext.ViewAllCollections(orgId) || await _currentContext.ViewAssignedCollections(orgId); } } } diff --git a/src/Api/Controllers/GroupsController.cs b/src/Api/Controllers/GroupsController.cs index 9883749957..55572d53b6 100644 --- a/src/Api/Controllers/GroupsController.cs +++ b/src/Api/Controllers/GroupsController.cs @@ -59,8 +59,8 @@ namespace Bit.Api.Controllers { var orgIdGuid = new Guid(orgId); var canAccess = await _currentContext.ManageGroups(orgIdGuid) || - await _currentContext.ManageAssignedCollections(orgIdGuid) || - await _currentContext.ManageAllCollections(orgIdGuid) || + await _currentContext.ViewAssignedCollections(orgIdGuid) || + await _currentContext.ViewAllCollections(orgIdGuid) || await _currentContext.ManageUsers(orgIdGuid); if (!canAccess) diff --git a/src/Api/Controllers/OrganizationUsersController.cs b/src/Api/Controllers/OrganizationUsersController.cs index 7dcaec66c6..97d6123b86 100644 --- a/src/Api/Controllers/OrganizationUsersController.cs +++ b/src/Api/Controllers/OrganizationUsersController.cs @@ -61,7 +61,7 @@ namespace Bit.Api.Controllers public async Task> Get(string orgId) { var orgGuidId = new Guid(orgId); - if (!await _currentContext.ManageAssignedCollections(orgGuidId) && + if (!await _currentContext.ViewAssignedCollections(orgGuidId) && !await _currentContext.ManageGroups(orgGuidId) && !await _currentContext.ManageUsers(orgGuidId)) { diff --git a/src/Core/Context/CurrentContext.cs b/src/Core/Context/CurrentContext.cs index 6d224ff2b9..cb55a7d458 100644 --- a/src/Core/Context/CurrentContext.cs +++ b/src/Core/Context/CurrentContext.cs @@ -142,7 +142,7 @@ namespace Bit.Core.Context Organizations = GetOrganizations(claimsDict, orgApi); Providers = GetProviders(claimsDict); - + return Task.FromResult(0); } @@ -210,7 +210,7 @@ namespace Bit.Core.Context return organizations; } - + private List GetProviders(Dictionary> claimsDict) { var providers = new List(); @@ -274,6 +274,7 @@ namespace Bit.Core.Context return Task.FromResult(Organizations?.Any(o => o.Id == orgId && o.Type == OrganizationUserType.Custom) ?? false); } + public async Task AccessBusinessPortal(Guid orgId) { return await OrganizationAdmin(orgId) || (Organizations?.Any(o => o.Id == orgId @@ -298,16 +299,44 @@ namespace Bit.Core.Context && (o.Permissions?.AccessReports ?? false)) ?? false); } - public async Task ManageAllCollections(Guid orgId) + public async Task CreateNewCollections(Guid orgId) { return await OrganizationAdmin(orgId) || (Organizations?.Any(o => o.Id == orgId - && (o.Permissions?.ManageAllCollections ?? false)) ?? false); + && (o.Permissions?.CreateNewCollections ?? false)) ?? false); } - public async Task ManageAssignedCollections(Guid orgId) + public async Task EditAnyCollection(Guid orgId) + { + return await OrganizationAdmin(orgId) || (Organizations?.Any(o => o.Id == orgId + && (o.Permissions?.EditAnyCollection ?? false)) ?? false); + } + + public async Task DeleteAnyCollection(Guid orgId) + { + return await OrganizationAdmin(orgId) || (Organizations?.Any(o => o.Id == orgId + && (o.Permissions?.DeleteAnyCollection ?? false)) ?? false); + } + + public async Task ViewAllCollections(Guid orgId) + { + return await EditAnyCollection(orgId) || await DeleteAnyCollection(orgId); + } + + public async Task EditAssignedCollections(Guid orgId) { return await OrganizationManager(orgId) || (Organizations?.Any(o => o.Id == orgId - && (o.Permissions?.ManageAssignedCollections ?? false)) ?? false); + && (o.Permissions?.EditAssignedCollections ?? false)) ?? false); + } + + public async Task DeleteAssignedCollections(Guid orgId) + { + return await OrganizationManager(orgId) || (Organizations?.Any(o => o.Id == orgId + && (o.Permissions?.DeleteAssignedCollections ?? false)) ?? false); + } + + public async Task ViewAssignedCollections(Guid orgId) + { + return await EditAssignedCollections(orgId) || await DeleteAssignedCollections(orgId); } public async Task ManageGroups(Guid orgId) @@ -431,8 +460,11 @@ namespace Bit.Core.Context AccessEventLogs = hasClaim("accesseventlogs"), AccessImportExport = hasClaim("accessimportexport"), AccessReports = hasClaim("accessreports"), - ManageAllCollections = hasClaim("manageallcollections"), - ManageAssignedCollections = hasClaim("manageassignedcollections"), + CreateNewCollections = hasClaim("createnewcollections"), + EditAnyCollection = hasClaim("editanycollection"), + DeleteAnyCollection = hasClaim("deleteanycollection"), + EditAssignedCollections = hasClaim("editassignedcollections"), + DeleteAssignedCollections = hasClaim("deleteassignedcollections"), ManageGroups = hasClaim("managegroups"), ManagePolicies = hasClaim("managepolicies"), ManageSso = hasClaim("managesso"), diff --git a/src/Core/Context/ICurrentContext.cs b/src/Core/Context/ICurrentContext.cs index 184f91bd18..fe7990039b 100644 --- a/src/Core/Context/ICurrentContext.cs +++ b/src/Core/Context/ICurrentContext.cs @@ -40,8 +40,13 @@ namespace Bit.Core.Context Task AccessEventLogs(Guid orgId); Task AccessImportExport(Guid orgId); Task AccessReports(Guid orgId); - Task ManageAllCollections(Guid orgId); - Task ManageAssignedCollections(Guid orgId); + Task CreateNewCollections(Guid orgId); + Task EditAnyCollection(Guid orgId); + Task DeleteAnyCollection(Guid orgId); + Task ViewAllCollections(Guid orgId); + Task EditAssignedCollections(Guid orgId); + Task DeleteAssignedCollections(Guid orgId); + Task ViewAssignedCollections(Guid orgId); Task ManageGroups(Guid orgId); Task ManagePolicies(Guid orgId); Task ManageSso(Guid orgId); diff --git a/src/Core/Models/Data/Permissions.cs b/src/Core/Models/Data/Permissions.cs index b7eb9bb10e..81c8744e71 100644 --- a/src/Core/Models/Data/Permissions.cs +++ b/src/Core/Models/Data/Permissions.cs @@ -1,3 +1,7 @@ +using System; +using System.Collections.Generic; +using Newtonsoft.Json; + namespace Bit.Core.Models.Data { public class Permissions @@ -6,12 +10,39 @@ namespace Bit.Core.Models.Data public bool AccessEventLogs { get; set; } public bool AccessImportExport { get; set; } public bool AccessReports { get; set; } - public bool ManageAssignedCollections { get; set; } - public bool ManageAllCollections { get; set; } + [Obsolete("This permission exists for client backwards-compatibility. It should not be used to determine permissions in this repository", true)] + public bool ManageAllCollections => CreateNewCollections && EditAnyCollection && DeleteAnyCollection; + public bool CreateNewCollections { get; set; } + public bool EditAnyCollection { get; set; } + public bool DeleteAnyCollection { get; set; } + [Obsolete("This permission exists for client backwards-compatibility. It should not be used to determine permissions in this repository", true)] + public bool ManageAssignedCollections => EditAssignedCollections && DeleteAssignedCollections; + public bool EditAssignedCollections { get; set; } + public bool DeleteAssignedCollections { get; set; } public bool ManageGroups { get; set; } public bool ManagePolicies { get; set; } public bool ManageSso { get; set; } public bool ManageUsers { get; set; } public bool ManageResetPassword { get; set; } + + [JsonIgnore] + [System.Text.Json.Serialization.JsonIgnore] + public List<(bool Permission, string ClaimName)> ClaimsMap => new() + { + (AccessBusinessPortal, "accessbusinessportal"), + (AccessEventLogs, "accesseventlogs"), + (AccessImportExport, "accessimportexport"), + (AccessReports, "accessreports"), + (CreateNewCollections, "createnewcollections"), + (EditAnyCollection, "editanycollection"), + (DeleteAnyCollection, "deleteanycollection"), + (EditAssignedCollections, "editassignedcollections"), + (DeleteAssignedCollections, "deleteassignedcollections"), + (ManageGroups, "managegroups"), + (ManagePolicies, "managepolicies"), + (ManageSso, "managesso"), + (ManageUsers, "manageusers"), + (ManageResetPassword, "manageresetpassword"), + }; } } diff --git a/src/Core/Utilities/CoreHelpers.cs b/src/Core/Utilities/CoreHelpers.cs index d9cac44776..18193bb1b6 100644 --- a/src/Core/Utilities/CoreHelpers.cs +++ b/src/Core/Utilities/CoreHelpers.cs @@ -242,6 +242,17 @@ namespace Bit.Core.Utilities } } + public static string GetEmbeddedResourceContentsAsync(string file) + { + var assembly = Assembly.GetCallingAssembly(); + var resourceName = assembly.GetManifestResourceNames().Single(n => n.EndsWith(file)); + using (var stream = assembly.GetManifestResourceStream(resourceName)) + using (var reader = new StreamReader(stream)) + { + return reader.ReadToEnd(); + } + } + public async static Task GetBlobCertificateAsync(CloudStorageAccount cloudStorageAccount, string container, string file, string password) { @@ -827,60 +838,14 @@ namespace Bit.Core.Utilities foreach (var org in group) { claims.Add(new KeyValuePair("orgcustom", org.Id.ToString())); + foreach (var (permission, claimName) in org.Permissions.ClaimsMap) + { + if (!permission) + { + continue; + } - if (org.Permissions.AccessBusinessPortal) - { - claims.Add(new KeyValuePair("accessbusinessportal", org.Id.ToString())); - } - - if (org.Permissions.AccessEventLogs) - { - claims.Add(new KeyValuePair("accesseventlogs", org.Id.ToString())); - } - - if (org.Permissions.AccessImportExport) - { - claims.Add(new KeyValuePair("accessimportexport", org.Id.ToString())); - } - - if (org.Permissions.AccessReports) - { - claims.Add(new KeyValuePair("accessreports", org.Id.ToString())); - } - - if (org.Permissions.ManageAllCollections) - { - claims.Add(new KeyValuePair("manageallcollections", org.Id.ToString())); - } - - if (org.Permissions.ManageAssignedCollections) - { - claims.Add(new KeyValuePair("manageassignedcollections", org.Id.ToString())); - } - - if (org.Permissions.ManageGroups) - { - claims.Add(new KeyValuePair("managegroups", org.Id.ToString())); - } - - if (org.Permissions.ManagePolicies) - { - claims.Add(new KeyValuePair("managepolicies", org.Id.ToString())); - } - - if (org.Permissions.ManageSso) - { - claims.Add(new KeyValuePair("managesso", org.Id.ToString())); - } - - if (org.Permissions.ManageUsers) - { - claims.Add(new KeyValuePair("manageusers", org.Id.ToString())); - } - - if (org.Permissions.ManageResetPassword) - { - claims.Add(new KeyValuePair("manageresetpassword", org.Id.ToString())); + claims.Add(new KeyValuePair(claimName, org.Id.ToString())); } } break; diff --git a/test/Core.Test/AutoFixture/PolicyFixtures.cs b/test/Core.Test/AutoFixture/PolicyFixtures.cs index a5c5f85b86..8689916939 100644 --- a/test/Core.Test/AutoFixture/PolicyFixtures.cs +++ b/test/Core.Test/AutoFixture/PolicyFixtures.cs @@ -4,17 +4,11 @@ using AutoFixture; using TableModel = Bit.Core.Models.Table; using Bit.Core.Test.AutoFixture.Attributes; using Bit.Core.Test.AutoFixture.GlobalSettingsFixtures; -using AutoMapper; -using Bit.Core.Models.EntityFramework; -using Bit.Core.Models; -using System.Collections.Generic; using Bit.Core.Enums; using AutoFixture.Kernel; -using System; using Bit.Core.Test.AutoFixture.OrganizationFixtures; using Bit.Core.Repositories.EntityFramework; using Bit.Core.Test.AutoFixture.EntityFrameworkRepositoryFixtures; -using System.Reflection; using AutoFixture.Xunit2; namespace Bit.Core.Test.AutoFixture.PolicyFixtures diff --git a/test/Core.Test/AutoFixture/UserFixtures.cs b/test/Core.Test/AutoFixture/UserFixtures.cs index 1ef978fb07..fb9a3e27c9 100644 --- a/test/Core.Test/AutoFixture/UserFixtures.cs +++ b/test/Core.Test/AutoFixture/UserFixtures.cs @@ -2,8 +2,6 @@ using AutoFixture; using TableModel = Bit.Core.Models.Table; using Bit.Core.Test.AutoFixture.Attributes; using Bit.Core.Test.AutoFixture.GlobalSettingsFixtures; -using AutoMapper; -using Bit.Core.Models.EntityFramework; using Bit.Core.Models; using System.Collections.Generic; using Bit.Core.Enums; @@ -15,11 +13,11 @@ using Bit.Core.Test.AutoFixture.EntityFrameworkRepositoryFixtures; namespace Bit.Core.Test.AutoFixture.UserFixtures { - internal class UserBuilder: ISpecimenBuilder + internal class UserBuilder : ISpecimenBuilder { public object Create(object request, ISpecimenContext context) { - if (context == null) + if (context == null) { throw new ArgumentNullException(nameof(context)); } @@ -49,19 +47,27 @@ namespace Bit.Core.Test.AutoFixture.UserFixtures } } - internal class EfUser: ICustomization - { - public void Customize(IFixture fixture) - { - fixture.Customizations.Add(new IgnoreVirtualMembersCustomization()); - fixture.Customizations.Add(new GlobalSettingsBuilder()); - fixture.Customizations.Add(new UserBuilder()); - fixture.Customizations.Add(new OrganizationBuilder()); - fixture.Customizations.Add(new EfRepositoryListBuilder()); - fixture.Customizations.Add(new EfRepositoryListBuilder()); - fixture.Customizations.Add(new EfRepositoryListBuilder()); - } - } + internal class UserFixture : ICustomization + { + public virtual void Customize(IFixture fixture) + { + fixture.Customizations.Add(new IgnoreVirtualMembersCustomization()); + fixture.Customizations.Add(new GlobalSettingsBuilder()); + fixture.Customizations.Add(new UserBuilder()); + fixture.Customizations.Add(new OrganizationBuilder()); + } + } + + internal class EfUser : UserFixture + { + public override void Customize(IFixture fixture) + { + base.Customize(fixture); + fixture.Customizations.Add(new EfRepositoryListBuilder()); + fixture.Customizations.Add(new EfRepositoryListBuilder()); + fixture.Customizations.Add(new EfRepositoryListBuilder()); + } + } internal class EfUserAutoDataAttribute : CustomAutoDataAttribute { diff --git a/test/Core.Test/Core.Test.csproj b/test/Core.Test/Core.Test.csproj index fe0812b797..45c44fa1bd 100644 --- a/test/Core.Test/Core.Test.csproj +++ b/test/Core.Test/Core.Test.csproj @@ -26,4 +26,10 @@ + + + + + + diff --git a/test/Core.Test/Models/PermissionsTests.cs b/test/Core.Test/Models/PermissionsTests.cs new file mode 100644 index 0000000000..0e8e1a5a8c --- /dev/null +++ b/test/Core.Test/Models/PermissionsTests.cs @@ -0,0 +1,56 @@ +using System; +using System.Text.Json; +using AutoFixture.Xunit2; +using Bit.Core.Models.Data; +using Bit.Core.Models.Table; +using Bit.Core.Utilities; +using Newtonsoft.Json; +using Newtonsoft.Json.Serialization; +using Xunit; + +namespace Bit.Core.Test.Models +{ + public class PermissionsTests + { + private static readonly string _exampleSerializedPermissions = string.Concat( + "{", + "\"accessBusinessPortal\": false,", + "\"accessEventLogs\": false,", + "\"accessImportExport\": false,", + "\"accessReports\": false,", + "\"manageAllCollections\": true,", // exists for backwards compatibility + "\"createNewCollections\": true,", + "\"editAnyCollection\": true,", + "\"deleteAnyCollection\": true,", + "\"manageAssignedCollections\": false,", // exists for backwards compatibility + "\"editAssignedCollections\": false,", + "\"deleteAssignedCollections\": false,", + "\"manageGroups\": false,", + "\"managePolicies\": false,", + "\"manageSso\": false,", + "\"manageUsers\": false,", + "\"manageResetPassword\": false", + "}"); + + [Fact] + public void Serialization_Success() + { + // minify expected json + var expected = JsonConvert.SerializeObject(JsonConvert.DeserializeObject(_exampleSerializedPermissions)); + + DefaultContractResolver contractResolver = new DefaultContractResolver + { + NamingStrategy = new CamelCaseNamingStrategy() + }; + + var actual = JsonConvert.SerializeObject( + CoreHelpers.LoadClassFromJsonData(_exampleSerializedPermissions), new JsonSerializerSettings + { + ContractResolver = contractResolver, + }); + + Console.WriteLine(actual); + Assert.Equal(expected, actual); + } + } +} diff --git a/test/Core.Test/Repositories/EntityFramework/CipherRepositoryTests.cs b/test/Core.Test/Repositories/EntityFramework/CipherRepositoryTests.cs index 8613949953..63cd2d051b 100644 --- a/test/Core.Test/Repositories/EntityFramework/CipherRepositoryTests.cs +++ b/test/Core.Test/Repositories/EntityFramework/CipherRepositoryTests.cs @@ -1,8 +1,6 @@ using System.Collections.Generic; using System.Linq; using Bit.Core.Models.Table; -using Bit.Core.Repositories.EntityFramework; -using Bit.Core.Test.AutoFixture; using Bit.Core.Test.AutoFixture.Attributes; using Bit.Core.Test.AutoFixture.CipherFixtures; using Bit.Core.Test.Repositories.EntityFramework.EqualityComparers; @@ -10,7 +8,6 @@ using Microsoft.EntityFrameworkCore; using Xunit; using EfRepo = Bit.Core.Repositories.EntityFramework; using SqlRepo = Bit.Core.Repositories.SqlServer; -using Bit.Core.Test.AutoFixture.CipherFixtures; using Bit.Core.Repositories.EntityFramework.Queries; using Bit.Core.Models.Data; using System; diff --git a/test/Core.Test/Utilities/CoreHelpersTests.cs b/test/Core.Test/Utilities/CoreHelpersTests.cs index d1bad76a92..cf43aa13ba 100644 --- a/test/Core.Test/Utilities/CoreHelpersTests.cs +++ b/test/Core.Test/Utilities/CoreHelpersTests.cs @@ -3,7 +3,15 @@ using System.Collections.Generic; using System.Linq; using Bit.Core.Utilities; using Xunit; -using MimeKit; +using Bit.Core.Test.AutoFixture.Attributes; +using Bit.Core.Test.AutoFixture.UserFixtures; +using IdentityModel; +using Bit.Core.Enums.Provider; +using Bit.Core.Models.Table; +using Bit.Core.Context; +using AutoFixture; +using Bit.Core.Test.AutoFixture; +using Bit.Core.Enums; namespace Bit.Core.Test.Utilities { @@ -150,11 +158,11 @@ namespace Bit.Core.Test.Utilities [Fact] public void CloneObject_Success() { - var orignial = new { Message = "Message" }; + var original = new { Message = "Message" }; - var copy = CoreHelpers.CloneObject(orignial); + var copy = CoreHelpers.CloneObject(original); - Assert.Equal(orignial.Message, copy.Message); + Assert.Equal(original.Message, copy.Message); } [Fact] @@ -232,5 +240,116 @@ namespace Bit.Core.Test.Utilities var actual = CoreHelpers.PunyEncode(text); Assert.Equal(expected, actual); } + + [Fact] + public void GetEmbeddedResourceContentsAsync_Success() + { + var fileContents = CoreHelpers.GetEmbeddedResourceContentsAsync("data.embeddedResource.txt"); + Assert.Equal("Contents of embeddedResource.txt\n", fileContents.Replace("\r\n", "\n")); + } + + [Theory, CustomAutoData(typeof(UserFixture))] + public void BuildIdentityClaims_BaseClaims_Success(User user, bool isPremium) + { + var expected = new Dictionary + { + { "premium", isPremium ? "true" : "false" }, + { JwtClaimTypes.Email, user.Email }, + { JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false" }, + { JwtClaimTypes.Name, user.Name }, + { "sstamp", user.SecurityStamp }, + }.ToList(); + + var actual = CoreHelpers.BuildIdentityClaims(user, Array.Empty(), + Array.Empty(), isPremium); + + foreach (var claim in expected) + { + Assert.Contains(claim, actual); + } + Assert.Equal(expected.Count, actual.Count); + } + + [Theory, CustomAutoData(typeof(UserFixture))] + public void BuildIdentityClaims_NonCustomOrganizationUserType_Success(User user) + { + var fixture = new Fixture().WithAutoNSubstitutions(); + foreach (var organizationUserType in Enum.GetValues().Except(new[] { OrganizationUserType.Custom })) + { + var org = fixture.Create(); + org.Type = organizationUserType; + + var expected = new KeyValuePair($"org{organizationUserType.ToString().ToLower()}", org.Id.ToString()); + var actual = CoreHelpers.BuildIdentityClaims(user, new[] { org }, Array.Empty(), false); + + Assert.Contains(expected, actual); + } + } + + [Theory, CustomAutoData(typeof(UserFixture))] + public void BuildIdentityClaims_CustomOrganizationUserClaims_Success(User user, CurrentContentOrganization org) + { + var fixture = new Fixture().WithAutoNSubstitutions(); + org.Type = OrganizationUserType.Custom; + + var actual = CoreHelpers.BuildIdentityClaims(user, new[] { org }, Array.Empty(), false); + foreach (var (permitted, claimName) in org.Permissions.ClaimsMap) + { + var claim = new KeyValuePair(claimName, org.Id.ToString()); + if (permitted) + { + + Assert.Contains(claim, actual); + } + else + { + Assert.DoesNotContain(claim, actual); + } + } + } + + [Theory, CustomAutoData(typeof(UserFixture))] + public void BuildIdentityClaims_ProviderClaims_Success(User user) + { + var fixture = new Fixture().WithAutoNSubstitutions(); + var providers = new List(); + foreach (var providerUserType in Enum.GetValues()) + { + var provider = fixture.Create(); + provider.Type = providerUserType; + providers.Add(provider); + } + + var claims = new List>(); + + if (providers.Any()) + { + foreach (var group in providers.GroupBy(o => o.Type)) + { + switch (group.Key) + { + case ProviderUserType.ProviderAdmin: + foreach (var provider in group) + { + claims.Add(new KeyValuePair("providerprovideradmin", provider.Id.ToString())); + } + break; + case ProviderUserType.ServiceUser: + foreach (var provider in group) + { + claims.Add(new KeyValuePair("providerserviceuser", provider.Id.ToString())); + } + break; + } + } + } + + var actual = CoreHelpers.BuildIdentityClaims(user, Array.Empty(), providers, false); + foreach (var claim in claims) + { + Assert.Contains(claim, actual); + } + } + } } diff --git a/test/Core.Test/Utilities/data/embeddedResource.txt b/test/Core.Test/Utilities/data/embeddedResource.txt new file mode 100644 index 0000000000..4019c65131 --- /dev/null +++ b/test/Core.Test/Utilities/data/embeddedResource.txt @@ -0,0 +1 @@ +Contents of embeddedResource.txt diff --git a/util/Migrator/DbScripts/2021-09-21_00_SplitManageCollectionsJson.sql b/util/Migrator/DbScripts/2021-09-21_00_SplitManageCollectionsJson.sql new file mode 100644 index 0000000000..0ff29df55c --- /dev/null +++ b/util/Migrator/DbScripts/2021-09-21_00_SplitManageCollectionsJson.sql @@ -0,0 +1,64 @@ +-- Split Manage Assigned Collections into edit and delete +UPDATE [vault_dev].[dbo].[OrganizationUser] +SET [Permissions] = + JSON_MODIFY( + JSON_MODIFY( + [Permissions], + '$.editAssignedCollections', + CAST(ISNULL( + ISNULL( + JSON_VALUE([Permissions], '$.editAssignedCollections'), + JSON_VALUE([Permissions], '$.manageAssignedCollections') + ), + 0) AS BIT) + ), + '$.deleteAssignedCollections', + CAST(ISNULL( + ISNULL( + JSON_VALUE([Permissions], '$.deleteAssignedCollections'), + JSON_VALUE([Permissions], '$.manageAssignedCollections')), + 0) AS BIT) + ) +WHERE [Permissions] IS NOT NULL + AND ISJSON([Permissions]) > 0 + AND ( + JSON_VALUE([Permissions], '$.editAssignedCollections') IS NULL + OR JSON_VALUE([Permissions], '$.deleteAssignedCollections') IS NULL + ) + +-- Split Manage All Collections into create, edit, and delete +UPDATE [vault_dev].[dbo].[OrganizationUser] +SET [Permissions] = + JSON_MODIFY( + JSON_MODIFY( + JSON_MODIFY( + [Permissions], + '$.createNewCollections', + CAST(ISNULL( + ISNULL( + JSON_VALUE([Permissions], '$.createNewCollections'), + JSON_VALUE([Permissions], '$.manageAllCollections')), + 0) AS BIT) + ), + '$.editAnyCollection', + CAST(ISNULL( + ISNULL( + JSON_VALUE([Permissions], '$.editAnyCollection'), + JSON_VALUE([Permissions], '$.manageAllCollections')), + 0) AS BIT) + ), + '$.deleteAnyCollection', + CAST(ISNULL( + ISNULL( + JSON_VALUE([Permissions], '$.deleteAnyCollection'), + JSON_VALUE([Permissions], '$.manageAllCollections')), + 0) AS BIT) + ) +WHERE [Permissions] IS NOT NULL + AND ISJSON([Permissions]) > 0 + AND ( + JSON_VALUE([Permissions], '$.createNewCollections') IS NULL + OR JSON_VALUE([Permissions], '$.editAnyCollection') IS NULL + OR JSON_VALUE([Permissions], '$.deleteAnyCollection') IS NULL + ) + diff --git a/util/MySqlMigrations/Migrations/20210921200227_SplitManageCollectionsPermissions.Designer.cs b/util/MySqlMigrations/Migrations/20210921200227_SplitManageCollectionsPermissions.Designer.cs new file mode 100644 index 0000000000..644759c380 --- /dev/null +++ b/util/MySqlMigrations/Migrations/20210921200227_SplitManageCollectionsPermissions.Designer.cs @@ -0,0 +1,1486 @@ +// +using System; +using Bit.Core.Repositories.EntityFramework; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; + +namespace Bit.MySqlMigrations.Migrations +{ + [DbContext(typeof(DatabaseContext))] + [Migration("20210921200227_SplitManageCollectionsPermissions")] + partial class SplitManageCollectionsPermissions + { + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder + .HasAnnotation("Relational:MaxIdentifierLength", 64) + .HasAnnotation("ProductVersion", "5.0.9"); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Cipher", b => + { + b.Property("Id") + .HasColumnType("char(36)"); + + b.Property("Attachments") + .HasColumnType("longtext"); + + b.Property("CreationDate") + .HasColumnType("datetime(6)"); + + b.Property("Data") + .HasColumnType("longtext"); + + b.Property("DeletedDate") + .HasColumnType("datetime(6)"); + + b.Property("Favorites") + .HasColumnType("longtext"); + + b.Property("Folders") + .HasColumnType("longtext"); + + b.Property("OrganizationId") + .HasColumnType("char(36)"); + + b.Property("Reprompt") + .HasColumnType("tinyint unsigned"); + + b.Property("RevisionDate") + .HasColumnType("datetime(6)"); + + b.Property("Type") + .HasColumnType("tinyint unsigned"); + + b.Property("UserId") + .HasColumnType("char(36)"); + + b.HasKey("Id"); + + b.HasIndex("OrganizationId"); + + b.HasIndex("UserId"); + + b.ToTable("Cipher"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Collection", b => + { + b.Property("Id") + .HasColumnType("char(36)"); + + b.Property("CreationDate") + .HasColumnType("datetime(6)"); + + b.Property("ExternalId") + .HasMaxLength(300) + .HasColumnType("varchar(300)"); + + b.Property("Name") + .HasColumnType("longtext"); + + b.Property("OrganizationId") + .HasColumnType("char(36)"); + + b.Property("RevisionDate") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.HasIndex("OrganizationId"); + + b.ToTable("Collection"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.CollectionCipher", b => + { + b.Property("CollectionId") + .HasColumnType("char(36)"); + + b.Property("CipherId") + .HasColumnType("char(36)"); + + b.HasKey("CollectionId", "CipherId"); + + b.HasIndex("CipherId"); + + b.ToTable("CollectionCipher"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.CollectionGroup", b => + { + b.Property("CollectionId") + .HasColumnType("char(36)"); + + b.Property("GroupId") + .HasColumnType("char(36)"); + + b.Property("HidePasswords") + .HasColumnType("tinyint(1)"); + + b.Property("ReadOnly") + .HasColumnType("tinyint(1)"); + + b.HasKey("CollectionId", "GroupId"); + + b.HasIndex("GroupId"); + + b.ToTable("CollectionGroups"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.CollectionUser", b => + { + b.Property("CollectionId") + .HasColumnType("char(36)"); + + b.Property("OrganizationUserId") + .HasColumnType("char(36)"); + + b.Property("HidePasswords") + .HasColumnType("tinyint(1)"); + + b.Property("ReadOnly") + .HasColumnType("tinyint(1)"); + + b.Property("UserId") + .HasColumnType("char(36)"); + + b.HasKey("CollectionId", "OrganizationUserId"); + + b.HasIndex("OrganizationUserId"); + + b.HasIndex("UserId"); + + b.ToTable("CollectionUsers"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Device", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("char(36)"); + + b.Property("CreationDate") + .HasColumnType("datetime(6)"); + + b.Property("Identifier") + .HasMaxLength(50) + .HasColumnType("varchar(50)"); + + b.Property("Name") + .HasMaxLength(50) + .HasColumnType("varchar(50)"); + + b.Property("PushToken") + .HasMaxLength(255) + .HasColumnType("varchar(255)"); + + b.Property("RevisionDate") + .HasColumnType("datetime(6)"); + + b.Property("Type") + .HasColumnType("tinyint unsigned"); + + b.Property("UserId") + .HasColumnType("char(36)"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("Device"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.EmergencyAccess", b => + { + b.Property("Id") + .HasColumnType("char(36)"); + + b.Property("CreationDate") + .HasColumnType("datetime(6)"); + + b.Property("Email") + .HasMaxLength(256) + .HasColumnType("varchar(256)"); + + b.Property("GranteeId") + .HasColumnType("char(36)"); + + b.Property("GrantorId") + .HasColumnType("char(36)"); + + b.Property("KeyEncrypted") + .HasColumnType("longtext"); + + b.Property("LastNotificationDate") + .HasColumnType("datetime(6)"); + + b.Property("RecoveryInitiatedDate") + .HasColumnType("datetime(6)"); + + b.Property("RevisionDate") + .HasColumnType("datetime(6)"); + + b.Property("Status") + .HasColumnType("tinyint unsigned"); + + b.Property("Type") + .HasColumnType("tinyint unsigned"); + + b.Property("WaitTimeDays") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("GranteeId"); + + b.HasIndex("GrantorId"); + + b.ToTable("EmergencyAccess"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Event", b => + { + b.Property("Id") + .HasColumnType("char(36)"); + + b.Property("ActingUserId") + .HasColumnType("char(36)"); + + b.Property("CipherId") + .HasColumnType("char(36)"); + + b.Property("CollectionId") + .HasColumnType("char(36)"); + + b.Property("Date") + .HasColumnType("datetime(6)"); + + b.Property("DeviceType") + .HasColumnType("tinyint unsigned"); + + b.Property("GroupId") + .HasColumnType("char(36)"); + + b.Property("IpAddress") + .HasMaxLength(50) + .HasColumnType("varchar(50)"); + + b.Property("OrganizationId") + .HasColumnType("char(36)"); + + b.Property("OrganizationUserId") + .HasColumnType("char(36)"); + + b.Property("PolicyId") + .HasColumnType("char(36)"); + + b.Property("ProviderId") + .HasColumnType("char(36)"); + + b.Property("ProviderOrganizationId") + .HasColumnType("char(36)"); + + b.Property("ProviderUserId") + .HasColumnType("char(36)"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("UserId") + .HasColumnType("char(36)"); + + b.HasKey("Id"); + + b.ToTable("Event"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Folder", b => + { + b.Property("Id") + .HasColumnType("char(36)"); + + b.Property("CreationDate") + .HasColumnType("datetime(6)"); + + b.Property("Name") + .HasColumnType("longtext"); + + b.Property("RevisionDate") + .HasColumnType("datetime(6)"); + + b.Property("UserId") + .HasColumnType("char(36)"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("Folder"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Grant", b => + { + b.Property("Key") + .HasMaxLength(200) + .HasColumnType("varchar(200)"); + + b.Property("ClientId") + .HasMaxLength(200) + .HasColumnType("varchar(200)"); + + b.Property("ConsumedDate") + .HasColumnType("datetime(6)"); + + b.Property("CreationDate") + .HasColumnType("datetime(6)"); + + b.Property("Data") + .HasColumnType("longtext"); + + b.Property("Description") + .HasMaxLength(200) + .HasColumnType("varchar(200)"); + + b.Property("ExpirationDate") + .HasColumnType("datetime(6)"); + + b.Property("SessionId") + .HasMaxLength(100) + .HasColumnType("varchar(100)"); + + b.Property("SubjectId") + .HasMaxLength(200) + .HasColumnType("varchar(200)"); + + b.Property("Type") + .HasMaxLength(50) + .HasColumnType("varchar(50)"); + + b.HasKey("Key"); + + b.ToTable("Grant"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Group", b => + { + b.Property("Id") + .HasColumnType("char(36)"); + + b.Property("AccessAll") + .HasColumnType("tinyint(1)"); + + b.Property("CreationDate") + .HasColumnType("datetime(6)"); + + b.Property("ExternalId") + .HasMaxLength(300) + .HasColumnType("varchar(300)"); + + b.Property("Name") + .HasMaxLength(100) + .HasColumnType("varchar(100)"); + + b.Property("OrganizationId") + .HasColumnType("char(36)"); + + b.Property("RevisionDate") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.HasIndex("OrganizationId"); + + b.ToTable("Group"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.GroupUser", b => + { + b.Property("GroupId") + .HasColumnType("char(36)"); + + b.Property("OrganizationUserId") + .HasColumnType("char(36)"); + + b.Property("UserId") + .HasColumnType("char(36)"); + + b.HasKey("GroupId", "OrganizationUserId"); + + b.HasIndex("OrganizationUserId"); + + b.HasIndex("UserId"); + + b.ToTable("GroupUser"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Installation", b => + { + b.Property("Id") + .HasColumnType("char(36)"); + + b.Property("CreationDate") + .HasColumnType("datetime(6)"); + + b.Property("Email") + .HasMaxLength(256) + .HasColumnType("varchar(256)"); + + b.Property("Enabled") + .HasColumnType("tinyint(1)"); + + b.Property("Key") + .HasMaxLength(150) + .HasColumnType("varchar(150)"); + + b.HasKey("Id"); + + b.ToTable("Installation"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Organization", b => + { + b.Property("Id") + .HasColumnType("char(36)"); + + b.Property("ApiKey") + .HasMaxLength(30) + .HasColumnType("varchar(30)"); + + b.Property("BillingEmail") + .HasMaxLength(256) + .HasColumnType("varchar(256)"); + + b.Property("BusinessAddress1") + .HasMaxLength(50) + .HasColumnType("varchar(50)"); + + b.Property("BusinessAddress2") + .HasMaxLength(50) + .HasColumnType("varchar(50)"); + + b.Property("BusinessAddress3") + .HasMaxLength(50) + .HasColumnType("varchar(50)"); + + b.Property("BusinessCountry") + .HasMaxLength(2) + .HasColumnType("varchar(2)"); + + b.Property("BusinessName") + .HasMaxLength(50) + .HasColumnType("varchar(50)"); + + b.Property("BusinessTaxNumber") + .HasMaxLength(30) + .HasColumnType("varchar(30)"); + + b.Property("CreationDate") + .HasColumnType("datetime(6)"); + + b.Property("Enabled") + .HasColumnType("tinyint(1)"); + + b.Property("ExpirationDate") + .HasColumnType("datetime(6)"); + + b.Property("Gateway") + .HasColumnType("tinyint unsigned"); + + b.Property("GatewayCustomerId") + .HasMaxLength(50) + .HasColumnType("varchar(50)"); + + b.Property("GatewaySubscriptionId") + .HasMaxLength(50) + .HasColumnType("varchar(50)"); + + b.Property("Identifier") + .HasMaxLength(50) + .HasColumnType("varchar(50)"); + + b.Property("LicenseKey") + .HasMaxLength(100) + .HasColumnType("varchar(100)"); + + b.Property("MaxCollections") + .HasColumnType("smallint"); + + b.Property("MaxStorageGb") + .HasColumnType("smallint"); + + b.Property("Name") + .HasMaxLength(50) + .HasColumnType("varchar(50)"); + + b.Property("Plan") + .HasMaxLength(50) + .HasColumnType("varchar(50)"); + + b.Property("PlanType") + .HasColumnType("tinyint unsigned"); + + b.Property("PrivateKey") + .HasColumnType("longtext"); + + b.Property("PublicKey") + .HasColumnType("longtext"); + + b.Property("ReferenceData") + .HasColumnType("longtext"); + + b.Property("RevisionDate") + .HasColumnType("datetime(6)"); + + b.Property("Seats") + .HasColumnType("int"); + + b.Property("SelfHost") + .HasColumnType("tinyint(1)"); + + b.Property("Storage") + .HasColumnType("bigint"); + + b.Property("TwoFactorProviders") + .HasColumnType("longtext"); + + b.Property("Use2fa") + .HasColumnType("tinyint(1)"); + + b.Property("UseApi") + .HasColumnType("tinyint(1)"); + + b.Property("UseDirectory") + .HasColumnType("tinyint(1)"); + + b.Property("UseEvents") + .HasColumnType("tinyint(1)"); + + b.Property("UseGroups") + .HasColumnType("tinyint(1)"); + + b.Property("UsePolicies") + .HasColumnType("tinyint(1)"); + + b.Property("UseResetPassword") + .HasColumnType("tinyint(1)"); + + b.Property("UseSso") + .HasColumnType("tinyint(1)"); + + b.Property("UseTotp") + .HasColumnType("tinyint(1)"); + + b.Property("UsersGetPremium") + .HasColumnType("tinyint(1)"); + + b.HasKey("Id"); + + b.ToTable("Organization"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.OrganizationUser", b => + { + b.Property("Id") + .HasColumnType("char(36)"); + + b.Property("AccessAll") + .HasColumnType("tinyint(1)"); + + b.Property("CreationDate") + .HasColumnType("datetime(6)"); + + b.Property("Email") + .HasMaxLength(256) + .HasColumnType("varchar(256)"); + + b.Property("ExternalId") + .HasMaxLength(300) + .HasColumnType("varchar(300)"); + + b.Property("Key") + .HasColumnType("longtext"); + + b.Property("OrganizationId") + .HasColumnType("char(36)"); + + b.Property("Permissions") + .HasColumnType("longtext"); + + b.Property("ResetPasswordKey") + .HasColumnType("longtext"); + + b.Property("RevisionDate") + .HasColumnType("datetime(6)"); + + b.Property("Status") + .HasColumnType("tinyint unsigned"); + + b.Property("Type") + .HasColumnType("tinyint unsigned"); + + b.Property("UserId") + .HasColumnType("char(36)"); + + b.HasKey("Id"); + + b.HasIndex("OrganizationId"); + + b.HasIndex("UserId"); + + b.ToTable("OrganizationUser"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Policy", b => + { + b.Property("Id") + .HasColumnType("char(36)"); + + b.Property("CreationDate") + .HasColumnType("datetime(6)"); + + b.Property("Data") + .HasColumnType("longtext"); + + b.Property("Enabled") + .HasColumnType("tinyint(1)"); + + b.Property("OrganizationId") + .HasColumnType("char(36)"); + + b.Property("RevisionDate") + .HasColumnType("datetime(6)"); + + b.Property("Type") + .HasColumnType("tinyint unsigned"); + + b.HasKey("Id"); + + b.HasIndex("OrganizationId"); + + b.ToTable("Policy"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Provider.Provider", b => + { + b.Property("Id") + .HasColumnType("char(36)"); + + b.Property("BillingEmail") + .HasColumnType("longtext"); + + b.Property("BusinessAddress1") + .HasColumnType("longtext"); + + b.Property("BusinessAddress2") + .HasColumnType("longtext"); + + b.Property("BusinessAddress3") + .HasColumnType("longtext"); + + b.Property("BusinessCountry") + .HasColumnType("longtext"); + + b.Property("BusinessName") + .HasColumnType("longtext"); + + b.Property("BusinessTaxNumber") + .HasColumnType("longtext"); + + b.Property("CreationDate") + .HasColumnType("datetime(6)"); + + b.Property("Enabled") + .HasColumnType("tinyint(1)"); + + b.Property("Name") + .HasColumnType("longtext"); + + b.Property("RevisionDate") + .HasColumnType("datetime(6)"); + + b.Property("Status") + .HasColumnType("tinyint unsigned"); + + b.Property("UseEvents") + .HasColumnType("tinyint(1)"); + + b.HasKey("Id"); + + b.ToTable("Provider"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Provider.ProviderOrganization", b => + { + b.Property("Id") + .HasColumnType("char(36)"); + + b.Property("CreationDate") + .HasColumnType("datetime(6)"); + + b.Property("Key") + .HasColumnType("longtext"); + + b.Property("OrganizationId") + .HasColumnType("char(36)"); + + b.Property("ProviderId") + .HasColumnType("char(36)"); + + b.Property("RevisionDate") + .HasColumnType("datetime(6)"); + + b.Property("Settings") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("OrganizationId"); + + b.HasIndex("ProviderId"); + + b.ToTable("ProviderOrganization"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Provider.ProviderUser", b => + { + b.Property("Id") + .HasColumnType("char(36)"); + + b.Property("CreationDate") + .HasColumnType("datetime(6)"); + + b.Property("Email") + .HasColumnType("longtext"); + + b.Property("Key") + .HasColumnType("longtext"); + + b.Property("Permissions") + .HasColumnType("longtext"); + + b.Property("ProviderId") + .HasColumnType("char(36)"); + + b.Property("RevisionDate") + .HasColumnType("datetime(6)"); + + b.Property("Status") + .HasColumnType("tinyint unsigned"); + + b.Property("Type") + .HasColumnType("tinyint unsigned"); + + b.Property("UserId") + .HasColumnType("char(36)"); + + b.HasKey("Id"); + + b.HasIndex("ProviderId"); + + b.HasIndex("UserId"); + + b.ToTable("ProviderUser"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Send", b => + { + b.Property("Id") + .HasColumnType("char(36)"); + + b.Property("AccessCount") + .HasColumnType("int"); + + b.Property("CreationDate") + .HasColumnType("datetime(6)"); + + b.Property("Data") + .HasColumnType("longtext"); + + b.Property("DeletionDate") + .HasColumnType("datetime(6)"); + + b.Property("Disabled") + .HasColumnType("tinyint(1)"); + + b.Property("ExpirationDate") + .HasColumnType("datetime(6)"); + + b.Property("HideEmail") + .HasColumnType("tinyint(1)"); + + b.Property("Key") + .HasColumnType("longtext"); + + b.Property("MaxAccessCount") + .HasColumnType("int"); + + b.Property("OrganizationId") + .HasColumnType("char(36)"); + + b.Property("Password") + .HasMaxLength(300) + .HasColumnType("varchar(300)"); + + b.Property("RevisionDate") + .HasColumnType("datetime(6)"); + + b.Property("Type") + .HasColumnType("tinyint unsigned"); + + b.Property("UserId") + .HasColumnType("char(36)"); + + b.HasKey("Id"); + + b.HasIndex("OrganizationId"); + + b.HasIndex("UserId"); + + b.ToTable("Send"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.SsoConfig", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("bigint"); + + b.Property("CreationDate") + .HasColumnType("datetime(6)"); + + b.Property("Data") + .HasColumnType("longtext"); + + b.Property("Enabled") + .HasColumnType("tinyint(1)"); + + b.Property("OrganizationId") + .HasColumnType("char(36)"); + + b.Property("RevisionDate") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.HasIndex("OrganizationId"); + + b.ToTable("SsoConfig"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.SsoUser", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("bigint"); + + b.Property("CreationDate") + .HasColumnType("datetime(6)"); + + b.Property("ExternalId") + .HasMaxLength(50) + .HasColumnType("varchar(50)"); + + b.Property("OrganizationId") + .HasColumnType("char(36)"); + + b.Property("UserId") + .HasColumnType("char(36)"); + + b.HasKey("Id"); + + b.HasIndex("OrganizationId"); + + b.HasIndex("UserId"); + + b.ToTable("SsoUser"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.TaxRate", b => + { + b.Property("Id") + .HasMaxLength(40) + .HasColumnType("varchar(40)"); + + b.Property("Active") + .HasColumnType("tinyint(1)"); + + b.Property("Country") + .HasMaxLength(50) + .HasColumnType("varchar(50)"); + + b.Property("PostalCode") + .HasMaxLength(10) + .HasColumnType("varchar(10)"); + + b.Property("Rate") + .HasColumnType("decimal(65,30)"); + + b.Property("State") + .HasMaxLength(2) + .HasColumnType("varchar(2)"); + + b.HasKey("Id"); + + b.ToTable("TaxRate"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Transaction", b => + { + b.Property("Id") + .HasColumnType("char(36)"); + + b.Property("Amount") + .HasColumnType("decimal(65,30)"); + + b.Property("CreationDate") + .HasColumnType("datetime(6)"); + + b.Property("Details") + .HasMaxLength(100) + .HasColumnType("varchar(100)"); + + b.Property("Gateway") + .HasColumnType("tinyint unsigned"); + + b.Property("GatewayId") + .HasMaxLength(50) + .HasColumnType("varchar(50)"); + + b.Property("OrganizationId") + .HasColumnType("char(36)"); + + b.Property("PaymentMethodType") + .HasColumnType("tinyint unsigned"); + + b.Property("Refunded") + .HasColumnType("tinyint(1)"); + + b.Property("RefundedAmount") + .HasColumnType("decimal(65,30)"); + + b.Property("Type") + .HasColumnType("tinyint unsigned"); + + b.Property("UserId") + .HasColumnType("char(36)"); + + b.HasKey("Id"); + + b.HasIndex("OrganizationId"); + + b.HasIndex("UserId"); + + b.ToTable("Transaction"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.U2f", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + b.Property("AppId") + .HasMaxLength(50) + .HasColumnType("varchar(50)"); + + b.Property("Challenge") + .HasMaxLength(200) + .HasColumnType("varchar(200)"); + + b.Property("CreationDate") + .HasColumnType("datetime(6)"); + + b.Property("KeyHandle") + .HasMaxLength(200) + .HasColumnType("varchar(200)"); + + b.Property("UserId") + .HasColumnType("char(36)"); + + b.Property("Version") + .HasMaxLength(20) + .HasColumnType("varchar(20)"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("U2f"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.User", b => + { + b.Property("Id") + .HasColumnType("char(36)"); + + b.Property("AccountRevisionDate") + .HasColumnType("datetime(6)"); + + b.Property("ApiKey") + .IsRequired() + .HasMaxLength(30) + .HasColumnType("varchar(30)"); + + b.Property("CreationDate") + .HasColumnType("datetime(6)"); + + b.Property("Culture") + .HasMaxLength(10) + .HasColumnType("varchar(10)"); + + b.Property("Email") + .IsRequired() + .HasMaxLength(256) + .HasColumnType("varchar(256)"); + + b.Property("EmailVerified") + .HasColumnType("tinyint(1)"); + + b.Property("EquivalentDomains") + .HasColumnType("longtext"); + + b.Property("ExcludedGlobalEquivalentDomains") + .HasColumnType("longtext"); + + b.Property("ForcePasswordReset") + .HasColumnType("tinyint(1)"); + + b.Property("Gateway") + .HasColumnType("tinyint unsigned"); + + b.Property("GatewayCustomerId") + .HasMaxLength(50) + .HasColumnType("varchar(50)"); + + b.Property("GatewaySubscriptionId") + .HasMaxLength(50) + .HasColumnType("varchar(50)"); + + b.Property("Kdf") + .HasColumnType("tinyint unsigned"); + + b.Property("KdfIterations") + .HasColumnType("int"); + + b.Property("Key") + .HasColumnType("longtext"); + + b.Property("LicenseKey") + .HasMaxLength(100) + .HasColumnType("varchar(100)"); + + b.Property("MasterPassword") + .HasMaxLength(300) + .HasColumnType("varchar(300)"); + + b.Property("MasterPasswordHint") + .HasMaxLength(50) + .HasColumnType("varchar(50)"); + + b.Property("MaxStorageGb") + .HasColumnType("smallint"); + + b.Property("Name") + .HasMaxLength(50) + .HasColumnType("varchar(50)"); + + b.Property("Premium") + .HasColumnType("tinyint(1)"); + + b.Property("PremiumExpirationDate") + .HasColumnType("datetime(6)"); + + b.Property("PrivateKey") + .HasColumnType("longtext"); + + b.Property("PublicKey") + .HasColumnType("longtext"); + + b.Property("ReferenceData") + .HasColumnType("longtext"); + + b.Property("RenewalReminderDate") + .HasColumnType("datetime(6)"); + + b.Property("RevisionDate") + .HasColumnType("datetime(6)"); + + b.Property("SecurityStamp") + .IsRequired() + .HasMaxLength(50) + .HasColumnType("varchar(50)"); + + b.Property("Storage") + .HasColumnType("bigint"); + + b.Property("TwoFactorProviders") + .HasColumnType("longtext"); + + b.Property("TwoFactorRecoveryCode") + .HasMaxLength(32) + .HasColumnType("varchar(32)"); + + b.HasKey("Id"); + + b.ToTable("User"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Cipher", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Organization", "Organization") + .WithMany("Ciphers") + .HasForeignKey("OrganizationId"); + + b.HasOne("Bit.Core.Models.EntityFramework.User", "User") + .WithMany("Ciphers") + .HasForeignKey("UserId"); + + b.Navigation("Organization"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Collection", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Organization", "Organization") + .WithMany() + .HasForeignKey("OrganizationId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Organization"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.CollectionCipher", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Cipher", "Cipher") + .WithMany("CollectionCiphers") + .HasForeignKey("CipherId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("Bit.Core.Models.EntityFramework.Collection", "Collection") + .WithMany("CollectionCiphers") + .HasForeignKey("CollectionId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Cipher"); + + b.Navigation("Collection"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.CollectionGroup", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Collection", "Collection") + .WithMany("CollectionGroups") + .HasForeignKey("CollectionId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("Bit.Core.Models.EntityFramework.Group", "Group") + .WithMany() + .HasForeignKey("GroupId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Collection"); + + b.Navigation("Group"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.CollectionUser", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Collection", "Collection") + .WithMany("CollectionUsers") + .HasForeignKey("CollectionId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("Bit.Core.Models.EntityFramework.OrganizationUser", "OrganizationUser") + .WithMany("CollectionUsers") + .HasForeignKey("OrganizationUserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("Bit.Core.Models.EntityFramework.User", null) + .WithMany("CollectionUsers") + .HasForeignKey("UserId"); + + b.Navigation("Collection"); + + b.Navigation("OrganizationUser"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Device", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.User", "User") + .WithMany() + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.EmergencyAccess", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.User", "Grantee") + .WithMany() + .HasForeignKey("GranteeId"); + + b.HasOne("Bit.Core.Models.EntityFramework.User", "Grantor") + .WithMany() + .HasForeignKey("GrantorId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Grantee"); + + b.Navigation("Grantor"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Folder", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.User", "User") + .WithMany("Folders") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Group", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Organization", "Organization") + .WithMany("Groups") + .HasForeignKey("OrganizationId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Organization"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.GroupUser", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Group", "Group") + .WithMany("GroupUsers") + .HasForeignKey("GroupId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("Bit.Core.Models.EntityFramework.OrganizationUser", "OrganizationUser") + .WithMany() + .HasForeignKey("OrganizationUserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("Bit.Core.Models.EntityFramework.User", null) + .WithMany("GroupUsers") + .HasForeignKey("UserId"); + + b.Navigation("Group"); + + b.Navigation("OrganizationUser"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.OrganizationUser", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Organization", "Organization") + .WithMany("OrganizationUsers") + .HasForeignKey("OrganizationId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("Bit.Core.Models.EntityFramework.User", "User") + .WithMany("OrganizationUsers") + .HasForeignKey("UserId"); + + b.Navigation("Organization"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Policy", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Organization", "Organization") + .WithMany("Policies") + .HasForeignKey("OrganizationId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Organization"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Provider.ProviderOrganization", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Organization", "Organization") + .WithMany() + .HasForeignKey("OrganizationId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("Bit.Core.Models.EntityFramework.Provider.Provider", "Provider") + .WithMany() + .HasForeignKey("ProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Organization"); + + b.Navigation("Provider"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Provider.ProviderUser", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Provider.Provider", "Provider") + .WithMany() + .HasForeignKey("ProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("Bit.Core.Models.EntityFramework.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Provider"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Send", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Organization", "Organization") + .WithMany() + .HasForeignKey("OrganizationId"); + + b.HasOne("Bit.Core.Models.EntityFramework.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Organization"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.SsoConfig", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Organization", "Organization") + .WithMany("SsoConfigs") + .HasForeignKey("OrganizationId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Organization"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.SsoUser", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Organization", "Organization") + .WithMany("SsoUsers") + .HasForeignKey("OrganizationId"); + + b.HasOne("Bit.Core.Models.EntityFramework.User", "User") + .WithMany("SsoUsers") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Organization"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Transaction", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Organization", "Organization") + .WithMany("Transactions") + .HasForeignKey("OrganizationId"); + + b.HasOne("Bit.Core.Models.EntityFramework.User", "User") + .WithMany("Transactions") + .HasForeignKey("UserId"); + + b.Navigation("Organization"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.U2f", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.User", "User") + .WithMany("U2fs") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Cipher", b => + { + b.Navigation("CollectionCiphers"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Collection", b => + { + b.Navigation("CollectionCiphers"); + + b.Navigation("CollectionGroups"); + + b.Navigation("CollectionUsers"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Group", b => + { + b.Navigation("GroupUsers"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Organization", b => + { + b.Navigation("Ciphers"); + + b.Navigation("Groups"); + + b.Navigation("OrganizationUsers"); + + b.Navigation("Policies"); + + b.Navigation("SsoConfigs"); + + b.Navigation("SsoUsers"); + + b.Navigation("Transactions"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.OrganizationUser", b => + { + b.Navigation("CollectionUsers"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.User", b => + { + b.Navigation("Ciphers"); + + b.Navigation("CollectionUsers"); + + b.Navigation("Folders"); + + b.Navigation("GroupUsers"); + + b.Navigation("OrganizationUsers"); + + b.Navigation("SsoUsers"); + + b.Navigation("Transactions"); + + b.Navigation("U2fs"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/util/MySqlMigrations/Migrations/20210921200227_SplitManageCollectionsPermissions.cs b/util/MySqlMigrations/Migrations/20210921200227_SplitManageCollectionsPermissions.cs new file mode 100644 index 0000000000..91056444d9 --- /dev/null +++ b/util/MySqlMigrations/Migrations/20210921200227_SplitManageCollectionsPermissions.cs @@ -0,0 +1,22 @@ +using System; +using Bit.Core.Utilities; +using Microsoft.EntityFrameworkCore.Migrations; + +namespace Bit.MySqlMigrations.Migrations +{ + public partial class SplitManageCollectionsPermissions : Migration + { + private const string _scriptLocation = + "MySqlMigrations.Scripts.2021-09-21_00_SplitManageCollectionsPermission.sql"; + + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.Sql(CoreHelpers.GetEmbeddedResourceContentsAsync(_scriptLocation)); + } + + protected override void Down(MigrationBuilder migrationBuilder) + { + throw new Exception("Irreversible migration"); + } + } +} diff --git a/util/MySqlMigrations/MySqlMigrations.csproj b/util/MySqlMigrations/MySqlMigrations.csproj index d1f67c3af2..49a3b77644 100644 --- a/util/MySqlMigrations/MySqlMigrations.csproj +++ b/util/MySqlMigrations/MySqlMigrations.csproj @@ -16,4 +16,10 @@ + + + + + + diff --git a/util/MySqlMigrations/Scripts/2021-09-21_00_SplitManageCollectionsPermission.sql b/util/MySqlMigrations/Scripts/2021-09-21_00_SplitManageCollectionsPermission.sql new file mode 100644 index 0000000000..d2ba40f63e --- /dev/null +++ b/util/MySqlMigrations/Scripts/2021-09-21_00_SplitManageCollectionsPermission.sql @@ -0,0 +1,56 @@ +-- Split Manage Assigned Collections into edit and delete +UPDATE `bw-vault`.`OrganizationUser` +SET `Permissions` = + JSON_INSERT( + `Permissions`, + '$.editAssignedCollections', + IFNULL( + IFNULL( + JSON_EXTRACT(`Permissions`,'$.editAssignedCollections'), + JSON_EXTRACT(`Permissions`, '$.manageAssignedCollections')), + false), + '$.deleteAssignedCollections', + IFNULL( + IFNULL( + JSON_EXTRACT(`Permissions`, '$.deleteAssignedCollections'), + JSON_EXTRACT(`Permissions`, '$.manageAssignedCollections')), + false) + ) +WHERE `Permissions` IS NOT NULL + AND JSON_VALID(`Permissions`) > 0 + AND ( + JSON_EXTRACT(`Permissions`, '$.editAssignedCollections') IS NULL + OR JSON_EXTRACT(`Permissions`, '$.deleteAssignedCollections') IS NULL + ); + +-- Split Manage All Collections into create, edit, and delete +UPDATE `bw-vault`.`OrganizationUser` +SET `Permissions` = + JSON_INSERT( + `Permissions`, + '$.createNewCollections', + IFNULL( + IFNULL( + JSON_EXTRACT(`Permissions`, '$.createNewColletions'), + JSON_EXTRACT(`Permissions`, '$.manageAllCollections')), + false), + '$.editAnyCollection', + IFNULL( + IFNULL( + JSON_EXTRACT(`Permissions`, '$.editAnyCollection'), + JSON_EXTRACT(`Permissions`, '$.manageAllCollections')), + false), + '$.deleteAnyCollection', + IFNULL( + IFNULL( + JSON_EXTRACT(`Permissions`, '$.deleteAnyCollection'), + JSON_EXTRACT(`Permissions`, '$.manageAllCollections')), + false) + ) +WHERE `Permissions` IS NOT NULL + AND JSON_VALID(`Permissions`) > 0 + AND ( + JSON_EXTRACT(`Permissions`, '$.createNewCollections') IS NULL + OR JSON_EXTRACT(`Permissions`, '$.editAnyCollection') IS NULL + OR JSON_EXTRACT(`Permissions`, '$.deleteAnyCollection') IS NULL + ); diff --git a/util/PostgresMigrations/Migrations/20210921163012_SplitManageCollectionsPermissions.Designer.cs b/util/PostgresMigrations/Migrations/20210921163012_SplitManageCollectionsPermissions.Designer.cs new file mode 100644 index 0000000000..46a7850bd3 --- /dev/null +++ b/util/PostgresMigrations/Migrations/20210921163012_SplitManageCollectionsPermissions.Designer.cs @@ -0,0 +1,1495 @@ +// +using System; +using Bit.Core.Repositories.EntityFramework; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata; + +namespace Bit.PostgresMigrations.Migrations +{ + [DbContext(typeof(DatabaseContext))] + [Migration("20210921163012_SplitManageCollectionsPermissions")] + partial class SplitManageCollectionsPermissions + { + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder + .HasAnnotation("Npgsql:CollationDefinition:postgresIndetermanisticCollation", "en-u-ks-primary,en-u-ks-primary,icu,False") + .HasAnnotation("Relational:MaxIdentifierLength", 63) + .HasAnnotation("ProductVersion", "5.0.9") + .HasAnnotation("Npgsql:ValueGenerationStrategy", NpgsqlValueGenerationStrategy.IdentityByDefaultColumn); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Cipher", b => + { + b.Property("Id") + .HasColumnType("uuid"); + + b.Property("Attachments") + .HasColumnType("text"); + + b.Property("CreationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Data") + .HasColumnType("text"); + + b.Property("DeletedDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Favorites") + .HasColumnType("text"); + + b.Property("Folders") + .HasColumnType("text"); + + b.Property("OrganizationId") + .HasColumnType("uuid"); + + b.Property("Reprompt") + .HasColumnType("smallint"); + + b.Property("RevisionDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Type") + .HasColumnType("smallint"); + + b.Property("UserId") + .HasColumnType("uuid"); + + b.HasKey("Id"); + + b.HasIndex("OrganizationId"); + + b.HasIndex("UserId"); + + b.ToTable("Cipher"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Collection", b => + { + b.Property("Id") + .HasColumnType("uuid"); + + b.Property("CreationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("ExternalId") + .HasMaxLength(300) + .HasColumnType("character varying(300)"); + + b.Property("Name") + .HasColumnType("text"); + + b.Property("OrganizationId") + .HasColumnType("uuid"); + + b.Property("RevisionDate") + .HasColumnType("timestamp without time zone"); + + b.HasKey("Id"); + + b.HasIndex("OrganizationId"); + + b.ToTable("Collection"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.CollectionCipher", b => + { + b.Property("CollectionId") + .HasColumnType("uuid"); + + b.Property("CipherId") + .HasColumnType("uuid"); + + b.HasKey("CollectionId", "CipherId"); + + b.HasIndex("CipherId"); + + b.ToTable("CollectionCipher"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.CollectionGroup", b => + { + b.Property("CollectionId") + .HasColumnType("uuid"); + + b.Property("GroupId") + .HasColumnType("uuid"); + + b.Property("HidePasswords") + .HasColumnType("boolean"); + + b.Property("ReadOnly") + .HasColumnType("boolean"); + + b.HasKey("CollectionId", "GroupId"); + + b.HasIndex("GroupId"); + + b.ToTable("CollectionGroups"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.CollectionUser", b => + { + b.Property("CollectionId") + .HasColumnType("uuid"); + + b.Property("OrganizationUserId") + .HasColumnType("uuid"); + + b.Property("HidePasswords") + .HasColumnType("boolean"); + + b.Property("ReadOnly") + .HasColumnType("boolean"); + + b.Property("UserId") + .HasColumnType("uuid"); + + b.HasKey("CollectionId", "OrganizationUserId"); + + b.HasIndex("OrganizationUserId"); + + b.HasIndex("UserId"); + + b.ToTable("CollectionUsers"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Device", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("uuid"); + + b.Property("CreationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Identifier") + .HasMaxLength(50) + .HasColumnType("character varying(50)"); + + b.Property("Name") + .HasMaxLength(50) + .HasColumnType("character varying(50)"); + + b.Property("PushToken") + .HasMaxLength(255) + .HasColumnType("character varying(255)"); + + b.Property("RevisionDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Type") + .HasColumnType("smallint"); + + b.Property("UserId") + .HasColumnType("uuid"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("Device"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.EmergencyAccess", b => + { + b.Property("Id") + .HasColumnType("uuid"); + + b.Property("CreationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Email") + .HasMaxLength(256) + .HasColumnType("character varying(256)"); + + b.Property("GranteeId") + .HasColumnType("uuid"); + + b.Property("GrantorId") + .HasColumnType("uuid"); + + b.Property("KeyEncrypted") + .HasColumnType("text"); + + b.Property("LastNotificationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("RecoveryInitiatedDate") + .HasColumnType("timestamp without time zone"); + + b.Property("RevisionDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Status") + .HasColumnType("smallint"); + + b.Property("Type") + .HasColumnType("smallint"); + + b.Property("WaitTimeDays") + .HasColumnType("integer"); + + b.HasKey("Id"); + + b.HasIndex("GranteeId"); + + b.HasIndex("GrantorId"); + + b.ToTable("EmergencyAccess"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Event", b => + { + b.Property("Id") + .HasColumnType("uuid"); + + b.Property("ActingUserId") + .HasColumnType("uuid"); + + b.Property("CipherId") + .HasColumnType("uuid"); + + b.Property("CollectionId") + .HasColumnType("uuid"); + + b.Property("Date") + .HasColumnType("timestamp without time zone"); + + b.Property("DeviceType") + .HasColumnType("smallint"); + + b.Property("GroupId") + .HasColumnType("uuid"); + + b.Property("IpAddress") + .HasMaxLength(50) + .HasColumnType("character varying(50)"); + + b.Property("OrganizationId") + .HasColumnType("uuid"); + + b.Property("OrganizationUserId") + .HasColumnType("uuid"); + + b.Property("PolicyId") + .HasColumnType("uuid"); + + b.Property("ProviderId") + .HasColumnType("uuid"); + + b.Property("ProviderOrganizationId") + .HasColumnType("uuid"); + + b.Property("ProviderUserId") + .HasColumnType("uuid"); + + b.Property("Type") + .HasColumnType("integer"); + + b.Property("UserId") + .HasColumnType("uuid"); + + b.HasKey("Id"); + + b.ToTable("Event"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Folder", b => + { + b.Property("Id") + .HasColumnType("uuid"); + + b.Property("CreationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Name") + .HasColumnType("text"); + + b.Property("RevisionDate") + .HasColumnType("timestamp without time zone"); + + b.Property("UserId") + .HasColumnType("uuid"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("Folder"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Grant", b => + { + b.Property("Key") + .HasMaxLength(200) + .HasColumnType("character varying(200)"); + + b.Property("ClientId") + .HasMaxLength(200) + .HasColumnType("character varying(200)"); + + b.Property("ConsumedDate") + .HasColumnType("timestamp without time zone"); + + b.Property("CreationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Data") + .HasColumnType("text"); + + b.Property("Description") + .HasMaxLength(200) + .HasColumnType("character varying(200)"); + + b.Property("ExpirationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("SessionId") + .HasMaxLength(100) + .HasColumnType("character varying(100)"); + + b.Property("SubjectId") + .HasMaxLength(200) + .HasColumnType("character varying(200)"); + + b.Property("Type") + .HasMaxLength(50) + .HasColumnType("character varying(50)"); + + b.HasKey("Key"); + + b.ToTable("Grant"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Group", b => + { + b.Property("Id") + .HasColumnType("uuid"); + + b.Property("AccessAll") + .HasColumnType("boolean"); + + b.Property("CreationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("ExternalId") + .HasMaxLength(300) + .HasColumnType("character varying(300)"); + + b.Property("Name") + .HasMaxLength(100) + .HasColumnType("character varying(100)"); + + b.Property("OrganizationId") + .HasColumnType("uuid"); + + b.Property("RevisionDate") + .HasColumnType("timestamp without time zone"); + + b.HasKey("Id"); + + b.HasIndex("OrganizationId"); + + b.ToTable("Group"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.GroupUser", b => + { + b.Property("GroupId") + .HasColumnType("uuid"); + + b.Property("OrganizationUserId") + .HasColumnType("uuid"); + + b.Property("UserId") + .HasColumnType("uuid"); + + b.HasKey("GroupId", "OrganizationUserId"); + + b.HasIndex("OrganizationUserId"); + + b.HasIndex("UserId"); + + b.ToTable("GroupUser"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Installation", b => + { + b.Property("Id") + .HasColumnType("uuid"); + + b.Property("CreationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Email") + .HasMaxLength(256) + .HasColumnType("character varying(256)"); + + b.Property("Enabled") + .HasColumnType("boolean"); + + b.Property("Key") + .HasMaxLength(150) + .HasColumnType("character varying(150)"); + + b.HasKey("Id"); + + b.ToTable("Installation"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Organization", b => + { + b.Property("Id") + .HasColumnType("uuid"); + + b.Property("ApiKey") + .HasMaxLength(30) + .HasColumnType("character varying(30)"); + + b.Property("BillingEmail") + .HasMaxLength(256) + .HasColumnType("character varying(256)"); + + b.Property("BusinessAddress1") + .HasMaxLength(50) + .HasColumnType("character varying(50)"); + + b.Property("BusinessAddress2") + .HasMaxLength(50) + .HasColumnType("character varying(50)"); + + b.Property("BusinessAddress3") + .HasMaxLength(50) + .HasColumnType("character varying(50)"); + + b.Property("BusinessCountry") + .HasMaxLength(2) + .HasColumnType("character varying(2)"); + + b.Property("BusinessName") + .HasMaxLength(50) + .HasColumnType("character varying(50)"); + + b.Property("BusinessTaxNumber") + .HasMaxLength(30) + .HasColumnType("character varying(30)"); + + b.Property("CreationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Enabled") + .HasColumnType("boolean"); + + b.Property("ExpirationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Gateway") + .HasColumnType("smallint"); + + b.Property("GatewayCustomerId") + .HasMaxLength(50) + .HasColumnType("character varying(50)"); + + b.Property("GatewaySubscriptionId") + .HasMaxLength(50) + .HasColumnType("character varying(50)"); + + b.Property("Identifier") + .HasMaxLength(50) + .HasColumnType("character varying(50)") + .UseCollation("postgresIndetermanisticCollation"); + + b.Property("LicenseKey") + .HasMaxLength(100) + .HasColumnType("character varying(100)"); + + b.Property("MaxCollections") + .HasColumnType("smallint"); + + b.Property("MaxStorageGb") + .HasColumnType("smallint"); + + b.Property("Name") + .HasMaxLength(50) + .HasColumnType("character varying(50)"); + + b.Property("Plan") + .HasMaxLength(50) + .HasColumnType("character varying(50)"); + + b.Property("PlanType") + .HasColumnType("smallint"); + + b.Property("PrivateKey") + .HasColumnType("text"); + + b.Property("PublicKey") + .HasColumnType("text"); + + b.Property("ReferenceData") + .HasColumnType("text"); + + b.Property("RevisionDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Seats") + .HasColumnType("integer"); + + b.Property("SelfHost") + .HasColumnType("boolean"); + + b.Property("Storage") + .HasColumnType("bigint"); + + b.Property("TwoFactorProviders") + .HasColumnType("text"); + + b.Property("Use2fa") + .HasColumnType("boolean"); + + b.Property("UseApi") + .HasColumnType("boolean"); + + b.Property("UseDirectory") + .HasColumnType("boolean"); + + b.Property("UseEvents") + .HasColumnType("boolean"); + + b.Property("UseGroups") + .HasColumnType("boolean"); + + b.Property("UsePolicies") + .HasColumnType("boolean"); + + b.Property("UseResetPassword") + .HasColumnType("boolean"); + + b.Property("UseSso") + .HasColumnType("boolean"); + + b.Property("UseTotp") + .HasColumnType("boolean"); + + b.Property("UsersGetPremium") + .HasColumnType("boolean"); + + b.HasKey("Id"); + + b.ToTable("Organization"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.OrganizationUser", b => + { + b.Property("Id") + .HasColumnType("uuid"); + + b.Property("AccessAll") + .HasColumnType("boolean"); + + b.Property("CreationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Email") + .HasMaxLength(256) + .HasColumnType("character varying(256)"); + + b.Property("ExternalId") + .HasMaxLength(300) + .HasColumnType("character varying(300)"); + + b.Property("Key") + .HasColumnType("text"); + + b.Property("OrganizationId") + .HasColumnType("uuid"); + + b.Property("Permissions") + .HasColumnType("text"); + + b.Property("ResetPasswordKey") + .HasColumnType("text"); + + b.Property("RevisionDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Status") + .HasColumnType("smallint"); + + b.Property("Type") + .HasColumnType("smallint"); + + b.Property("UserId") + .HasColumnType("uuid"); + + b.HasKey("Id"); + + b.HasIndex("OrganizationId"); + + b.HasIndex("UserId"); + + b.ToTable("OrganizationUser"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Policy", b => + { + b.Property("Id") + .HasColumnType("uuid"); + + b.Property("CreationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Data") + .HasColumnType("text"); + + b.Property("Enabled") + .HasColumnType("boolean"); + + b.Property("OrganizationId") + .HasColumnType("uuid"); + + b.Property("RevisionDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Type") + .HasColumnType("smallint"); + + b.HasKey("Id"); + + b.HasIndex("OrganizationId"); + + b.ToTable("Policy"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Provider.Provider", b => + { + b.Property("Id") + .HasColumnType("uuid"); + + b.Property("BillingEmail") + .HasColumnType("text"); + + b.Property("BusinessAddress1") + .HasColumnType("text"); + + b.Property("BusinessAddress2") + .HasColumnType("text"); + + b.Property("BusinessAddress3") + .HasColumnType("text"); + + b.Property("BusinessCountry") + .HasColumnType("text"); + + b.Property("BusinessName") + .HasColumnType("text"); + + b.Property("BusinessTaxNumber") + .HasColumnType("text"); + + b.Property("CreationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Enabled") + .HasColumnType("boolean"); + + b.Property("Name") + .HasColumnType("text"); + + b.Property("RevisionDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Status") + .HasColumnType("smallint"); + + b.Property("UseEvents") + .HasColumnType("boolean"); + + b.HasKey("Id"); + + b.ToTable("Provider"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Provider.ProviderOrganization", b => + { + b.Property("Id") + .HasColumnType("uuid"); + + b.Property("CreationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Key") + .HasColumnType("text"); + + b.Property("OrganizationId") + .HasColumnType("uuid"); + + b.Property("ProviderId") + .HasColumnType("uuid"); + + b.Property("RevisionDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Settings") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("OrganizationId"); + + b.HasIndex("ProviderId"); + + b.ToTable("ProviderOrganization"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Provider.ProviderUser", b => + { + b.Property("Id") + .HasColumnType("uuid"); + + b.Property("CreationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Email") + .HasColumnType("text"); + + b.Property("Key") + .HasColumnType("text"); + + b.Property("Permissions") + .HasColumnType("text"); + + b.Property("ProviderId") + .HasColumnType("uuid"); + + b.Property("RevisionDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Status") + .HasColumnType("smallint"); + + b.Property("Type") + .HasColumnType("smallint"); + + b.Property("UserId") + .HasColumnType("uuid"); + + b.HasKey("Id"); + + b.HasIndex("ProviderId"); + + b.HasIndex("UserId"); + + b.ToTable("ProviderUser"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Send", b => + { + b.Property("Id") + .HasColumnType("uuid"); + + b.Property("AccessCount") + .HasColumnType("integer"); + + b.Property("CreationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Data") + .HasColumnType("text"); + + b.Property("DeletionDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Disabled") + .HasColumnType("boolean"); + + b.Property("ExpirationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("HideEmail") + .HasColumnType("boolean"); + + b.Property("Key") + .HasColumnType("text"); + + b.Property("MaxAccessCount") + .HasColumnType("integer"); + + b.Property("OrganizationId") + .HasColumnType("uuid"); + + b.Property("Password") + .HasMaxLength(300) + .HasColumnType("character varying(300)"); + + b.Property("RevisionDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Type") + .HasColumnType("smallint"); + + b.Property("UserId") + .HasColumnType("uuid"); + + b.HasKey("Id"); + + b.HasIndex("OrganizationId"); + + b.HasIndex("UserId"); + + b.ToTable("Send"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.SsoConfig", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("bigint") + .HasAnnotation("Npgsql:ValueGenerationStrategy", NpgsqlValueGenerationStrategy.IdentityByDefaultColumn); + + b.Property("CreationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Data") + .HasColumnType("text"); + + b.Property("Enabled") + .HasColumnType("boolean"); + + b.Property("OrganizationId") + .HasColumnType("uuid"); + + b.Property("RevisionDate") + .HasColumnType("timestamp without time zone"); + + b.HasKey("Id"); + + b.HasIndex("OrganizationId"); + + b.ToTable("SsoConfig"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.SsoUser", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("bigint") + .HasAnnotation("Npgsql:ValueGenerationStrategy", NpgsqlValueGenerationStrategy.IdentityByDefaultColumn); + + b.Property("CreationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("ExternalId") + .HasMaxLength(50) + .HasColumnType("character varying(50)") + .UseCollation("postgresIndetermanisticCollation"); + + b.Property("OrganizationId") + .HasColumnType("uuid"); + + b.Property("UserId") + .HasColumnType("uuid"); + + b.HasKey("Id"); + + b.HasIndex("OrganizationId"); + + b.HasIndex("UserId"); + + b.ToTable("SsoUser"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.TaxRate", b => + { + b.Property("Id") + .HasMaxLength(40) + .HasColumnType("character varying(40)"); + + b.Property("Active") + .HasColumnType("boolean"); + + b.Property("Country") + .HasMaxLength(50) + .HasColumnType("character varying(50)"); + + b.Property("PostalCode") + .HasMaxLength(10) + .HasColumnType("character varying(10)"); + + b.Property("Rate") + .HasColumnType("numeric"); + + b.Property("State") + .HasMaxLength(2) + .HasColumnType("character varying(2)"); + + b.HasKey("Id"); + + b.ToTable("TaxRate"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Transaction", b => + { + b.Property("Id") + .HasColumnType("uuid"); + + b.Property("Amount") + .HasColumnType("numeric"); + + b.Property("CreationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Details") + .HasMaxLength(100) + .HasColumnType("character varying(100)"); + + b.Property("Gateway") + .HasColumnType("smallint"); + + b.Property("GatewayId") + .HasMaxLength(50) + .HasColumnType("character varying(50)"); + + b.Property("OrganizationId") + .HasColumnType("uuid"); + + b.Property("PaymentMethodType") + .HasColumnType("smallint"); + + b.Property("Refunded") + .HasColumnType("boolean"); + + b.Property("RefundedAmount") + .HasColumnType("numeric"); + + b.Property("Type") + .HasColumnType("smallint"); + + b.Property("UserId") + .HasColumnType("uuid"); + + b.HasKey("Id"); + + b.HasIndex("OrganizationId"); + + b.HasIndex("UserId"); + + b.ToTable("Transaction"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.U2f", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer") + .HasAnnotation("Npgsql:ValueGenerationStrategy", NpgsqlValueGenerationStrategy.IdentityByDefaultColumn); + + b.Property("AppId") + .HasMaxLength(50) + .HasColumnType("character varying(50)"); + + b.Property("Challenge") + .HasMaxLength(200) + .HasColumnType("character varying(200)"); + + b.Property("CreationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("KeyHandle") + .HasMaxLength(200) + .HasColumnType("character varying(200)"); + + b.Property("UserId") + .HasColumnType("uuid"); + + b.Property("Version") + .HasMaxLength(20) + .HasColumnType("character varying(20)"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("U2f"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.User", b => + { + b.Property("Id") + .HasColumnType("uuid"); + + b.Property("AccountRevisionDate") + .HasColumnType("timestamp without time zone"); + + b.Property("ApiKey") + .IsRequired() + .HasMaxLength(30) + .HasColumnType("character varying(30)"); + + b.Property("CreationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("Culture") + .HasMaxLength(10) + .HasColumnType("character varying(10)"); + + b.Property("Email") + .IsRequired() + .HasMaxLength(256) + .HasColumnType("character varying(256)") + .UseCollation("postgresIndetermanisticCollation"); + + b.Property("EmailVerified") + .HasColumnType("boolean"); + + b.Property("EquivalentDomains") + .HasColumnType("text"); + + b.Property("ExcludedGlobalEquivalentDomains") + .HasColumnType("text"); + + b.Property("ForcePasswordReset") + .HasColumnType("boolean"); + + b.Property("Gateway") + .HasColumnType("smallint"); + + b.Property("GatewayCustomerId") + .HasMaxLength(50) + .HasColumnType("character varying(50)"); + + b.Property("GatewaySubscriptionId") + .HasMaxLength(50) + .HasColumnType("character varying(50)"); + + b.Property("Kdf") + .HasColumnType("smallint"); + + b.Property("KdfIterations") + .HasColumnType("integer"); + + b.Property("Key") + .HasColumnType("text"); + + b.Property("LicenseKey") + .HasMaxLength(100) + .HasColumnType("character varying(100)"); + + b.Property("MasterPassword") + .HasMaxLength(300) + .HasColumnType("character varying(300)"); + + b.Property("MasterPasswordHint") + .HasMaxLength(50) + .HasColumnType("character varying(50)"); + + b.Property("MaxStorageGb") + .HasColumnType("smallint"); + + b.Property("Name") + .HasMaxLength(50) + .HasColumnType("character varying(50)"); + + b.Property("Premium") + .HasColumnType("boolean"); + + b.Property("PremiumExpirationDate") + .HasColumnType("timestamp without time zone"); + + b.Property("PrivateKey") + .HasColumnType("text"); + + b.Property("PublicKey") + .HasColumnType("text"); + + b.Property("ReferenceData") + .HasColumnType("text"); + + b.Property("RenewalReminderDate") + .HasColumnType("timestamp without time zone"); + + b.Property("RevisionDate") + .HasColumnType("timestamp without time zone"); + + b.Property("SecurityStamp") + .IsRequired() + .HasMaxLength(50) + .HasColumnType("character varying(50)"); + + b.Property("Storage") + .HasColumnType("bigint"); + + b.Property("TwoFactorProviders") + .HasColumnType("text"); + + b.Property("TwoFactorRecoveryCode") + .HasMaxLength(32) + .HasColumnType("character varying(32)"); + + b.HasKey("Id"); + + b.ToTable("User"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Cipher", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Organization", "Organization") + .WithMany("Ciphers") + .HasForeignKey("OrganizationId"); + + b.HasOne("Bit.Core.Models.EntityFramework.User", "User") + .WithMany("Ciphers") + .HasForeignKey("UserId"); + + b.Navigation("Organization"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Collection", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Organization", "Organization") + .WithMany() + .HasForeignKey("OrganizationId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Organization"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.CollectionCipher", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Cipher", "Cipher") + .WithMany("CollectionCiphers") + .HasForeignKey("CipherId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("Bit.Core.Models.EntityFramework.Collection", "Collection") + .WithMany("CollectionCiphers") + .HasForeignKey("CollectionId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Cipher"); + + b.Navigation("Collection"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.CollectionGroup", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Collection", "Collection") + .WithMany("CollectionGroups") + .HasForeignKey("CollectionId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("Bit.Core.Models.EntityFramework.Group", "Group") + .WithMany() + .HasForeignKey("GroupId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Collection"); + + b.Navigation("Group"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.CollectionUser", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Collection", "Collection") + .WithMany("CollectionUsers") + .HasForeignKey("CollectionId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("Bit.Core.Models.EntityFramework.OrganizationUser", "OrganizationUser") + .WithMany("CollectionUsers") + .HasForeignKey("OrganizationUserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("Bit.Core.Models.EntityFramework.User", null) + .WithMany("CollectionUsers") + .HasForeignKey("UserId"); + + b.Navigation("Collection"); + + b.Navigation("OrganizationUser"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Device", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.User", "User") + .WithMany() + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.EmergencyAccess", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.User", "Grantee") + .WithMany() + .HasForeignKey("GranteeId"); + + b.HasOne("Bit.Core.Models.EntityFramework.User", "Grantor") + .WithMany() + .HasForeignKey("GrantorId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Grantee"); + + b.Navigation("Grantor"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Folder", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.User", "User") + .WithMany("Folders") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Group", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Organization", "Organization") + .WithMany("Groups") + .HasForeignKey("OrganizationId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Organization"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.GroupUser", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Group", "Group") + .WithMany("GroupUsers") + .HasForeignKey("GroupId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("Bit.Core.Models.EntityFramework.OrganizationUser", "OrganizationUser") + .WithMany() + .HasForeignKey("OrganizationUserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("Bit.Core.Models.EntityFramework.User", null) + .WithMany("GroupUsers") + .HasForeignKey("UserId"); + + b.Navigation("Group"); + + b.Navigation("OrganizationUser"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.OrganizationUser", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Organization", "Organization") + .WithMany("OrganizationUsers") + .HasForeignKey("OrganizationId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("Bit.Core.Models.EntityFramework.User", "User") + .WithMany("OrganizationUsers") + .HasForeignKey("UserId"); + + b.Navigation("Organization"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Policy", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Organization", "Organization") + .WithMany("Policies") + .HasForeignKey("OrganizationId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Organization"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Provider.ProviderOrganization", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Organization", "Organization") + .WithMany() + .HasForeignKey("OrganizationId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("Bit.Core.Models.EntityFramework.Provider.Provider", "Provider") + .WithMany() + .HasForeignKey("ProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Organization"); + + b.Navigation("Provider"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Provider.ProviderUser", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Provider.Provider", "Provider") + .WithMany() + .HasForeignKey("ProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("Bit.Core.Models.EntityFramework.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Provider"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Send", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Organization", "Organization") + .WithMany() + .HasForeignKey("OrganizationId"); + + b.HasOne("Bit.Core.Models.EntityFramework.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Organization"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.SsoConfig", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Organization", "Organization") + .WithMany("SsoConfigs") + .HasForeignKey("OrganizationId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Organization"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.SsoUser", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Organization", "Organization") + .WithMany("SsoUsers") + .HasForeignKey("OrganizationId"); + + b.HasOne("Bit.Core.Models.EntityFramework.User", "User") + .WithMany("SsoUsers") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Organization"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Transaction", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.Organization", "Organization") + .WithMany("Transactions") + .HasForeignKey("OrganizationId"); + + b.HasOne("Bit.Core.Models.EntityFramework.User", "User") + .WithMany("Transactions") + .HasForeignKey("UserId"); + + b.Navigation("Organization"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.U2f", b => + { + b.HasOne("Bit.Core.Models.EntityFramework.User", "User") + .WithMany("U2fs") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Cipher", b => + { + b.Navigation("CollectionCiphers"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Collection", b => + { + b.Navigation("CollectionCiphers"); + + b.Navigation("CollectionGroups"); + + b.Navigation("CollectionUsers"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Group", b => + { + b.Navigation("GroupUsers"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.Organization", b => + { + b.Navigation("Ciphers"); + + b.Navigation("Groups"); + + b.Navigation("OrganizationUsers"); + + b.Navigation("Policies"); + + b.Navigation("SsoConfigs"); + + b.Navigation("SsoUsers"); + + b.Navigation("Transactions"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.OrganizationUser", b => + { + b.Navigation("CollectionUsers"); + }); + + modelBuilder.Entity("Bit.Core.Models.EntityFramework.User", b => + { + b.Navigation("Ciphers"); + + b.Navigation("CollectionUsers"); + + b.Navigation("Folders"); + + b.Navigation("GroupUsers"); + + b.Navigation("OrganizationUsers"); + + b.Navigation("SsoUsers"); + + b.Navigation("Transactions"); + + b.Navigation("U2fs"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/util/PostgresMigrations/Migrations/20210921163012_SplitManageCollectionsPermissions.cs b/util/PostgresMigrations/Migrations/20210921163012_SplitManageCollectionsPermissions.cs new file mode 100644 index 0000000000..ebf79c3969 --- /dev/null +++ b/util/PostgresMigrations/Migrations/20210921163012_SplitManageCollectionsPermissions.cs @@ -0,0 +1,22 @@ +using System; +using Bit.Core.Utilities; +using Microsoft.EntityFrameworkCore.Migrations; + +namespace Bit.PostgresMigrations.Migrations +{ + public partial class SplitManageCollectionsPermissions : Migration + { + private const string _scriptLocation = + "PostgresMigration.Scripts.2021-09-21_00_SplitManageCollectionsPermission.psql"; + + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.Sql(CoreHelpers.GetEmbeddedResourceContentsAsync(_scriptLocation)); + } + + protected override void Down(MigrationBuilder migrationBuilder) + { + throw new Exception("Irreversible migration"); + } + } +} diff --git a/util/PostgresMigrations/PostgresMigrations.csproj b/util/PostgresMigrations/PostgresMigrations.csproj index d1f67c3af2..6fb1ff46cc 100644 --- a/util/PostgresMigrations/PostgresMigrations.csproj +++ b/util/PostgresMigrations/PostgresMigrations.csproj @@ -16,4 +16,10 @@ + + + + + + diff --git a/util/PostgresMigrations/Scripts/2021-09-21_00_SplitManageCollectionsPermission.psql b/util/PostgresMigrations/Scripts/2021-09-21_00_SplitManageCollectionsPermission.psql new file mode 100644 index 0000000000..0cd35df0d5 --- /dev/null +++ b/util/PostgresMigrations/Scripts/2021-09-21_00_SplitManageCollectionsPermission.psql @@ -0,0 +1,42 @@ +CREATE OR REPLACE FUNCTION updatePermissionsJson(permissions jsonb) returns jsonb LANGUAGE plpgsql AS $$ + DECLARE manageAllCollections jsonb := COALESCE(jsonb_extract_path(permissions, 'manageAllCollections'), 'false'); + DECLARE manageAssignedCollections jsonb := COALESCE(jsonb_extract_path(permissions, 'manageAssignedCollections'), 'false'); + + DECLARE createNewCollections jsonb := COALESCE(jsonb_extract_path(permissions, 'createNewCollections'), manageAllCollections); + DECLARE editAnyCollection jsonb := COALESCE(jsonb_extract_path(permissions, 'editAnyCollection'), manageAllCollections); + DECLARE deleteAnyCollection jsonb := COALESCE(jsonb_extract_path(permissions, 'deleteAnyCollection'), manageAllCollections); + + DECLARE editAssignedCollections jsonb := COALESCE(jsonb_extract_path(permissions, 'editAssignedCollections'), manageAssignedCollections); + DECLARE deleteAssignedCollections jsonb := COALESCE(jsonb_extract_path(permissions, 'deleteAssignedCollections'), manageAssignedCollections); + + BEGIN + RETURN + jsonb_set( + jsonb_set( + jsonb_set( + jsonb_set( + jsonb_set( + permissions, + '{createNewCollections}', + createNewCollections + ), + '{editAnyCollection}', + editAnyCollection + ), + '{deleteAnyCollection}', + deleteAnyCollection + ), + '{editAssignedCollections}', + editAssignedCollections + ), + '{deleteAssignedCollections}', + deleteAssignedCollections + ); + END +$$; + +UPDATE public."OrganizationUser" +SET "Permissions" = updatePermissionsJson("Permissions"::jsonb)::text +WHERE "Permissions" IS NOT NULL; + +DROP FUNCTION updatePermissionsJson(jsonb);